Integer overflow in Python - CVE-2008-2315
Published: August 2, 2023 / Updated: June 3, 2025
Python
Detailed vulnerability description
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Multiple integer overflows in Python 2.5.2 and earlier allow context-dependent attackers to have an unknown impact via vectors related to the (1) stringobject, (2) unicodeobject, (3) bufferobject, (4) longobject, (5) tupleobject, (6) stropmodule, (7) gcmodule, and (8) mmapmodule modules. NOTE: The expandtabs integer overflows in stringobject and unicodeobject in 2.5.2 are covered by CVE-2008-5031.
How to mitigate CVE-2008-2315
Sources
- http://bugs.gentoo.org/attachment.cgi?id=159418&action=view
- http://bugs.gentoo.org/show_bug.cgi?id=230640
- http://security.gentoo.org/glsa/glsa-200807-16.xml
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:164
- http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.525289
- http://secunia.com/advisories/31305
- http://secunia.com/advisories/31365
- http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5032900
- http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
- http://secunia.com/advisories/31358
- http://www.securityfocus.com/bid/30491
- http://secunia.com/advisories/31332
- http://www.ubuntu.com/usn/usn-632-1
- http://secunia.com/advisories/31518
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:163
- http://secunia.com/advisories/31687
- http://www.openwall.com/lists/oss-security/2008/11/05/2
- http://www.openwall.com/lists/oss-security/2008/11/05/3
- http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
- http://secunia.com/advisories/33937
- http://www.debian.org/security/2008/dsa-1667
- http://secunia.com/advisories/32793
- http://support.apple.com/kb/HT3438
- http://www.vupen.com/english/advisories/2009/3316
- http://www.vmware.com/security/advisories/VMSA-2009-0016.html
- http://secunia.com/advisories/37471
- http://support.avaya.com/css/P8/documents/100074697
- http://secunia.com/advisories/38675
- http://www.vupen.com/english/advisories/2008/2288
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44173
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44172
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9761
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8683
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8445
- http://www.securityfocus.com/archive/1/507985/100/0/threaded