Integer overflow in Python - CVE-2008-2315
Published: August 2, 2023 / Updated: June 3, 2025
Vulnerability identifier: #VU110163
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2008-2315
CWE-ID: CWE-190
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Python
Python
Software vendor:
Python.org
Python.org
Description
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Multiple integer overflows in Python 2.5.2 and earlier allow context-dependent attackers to have an unknown impact via vectors related to the (1) stringobject, (2) unicodeobject, (3) bufferobject, (4) longobject, (5) tupleobject, (6) stropmodule, (7) gcmodule, and (8) mmapmodule modules. NOTE: The expandtabs integer overflows in stringobject and unicodeobject in 2.5.2 are covered by CVE-2008-5031.
Remediation
Install update from vendor's website.
External links
- http://bugs.gentoo.org/attachment.cgi?id=159418&action=view
- http://bugs.gentoo.org/show_bug.cgi?id=230640
- http://security.gentoo.org/glsa/glsa-200807-16.xml
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:164
- http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.525289
- http://secunia.com/advisories/31305
- http://secunia.com/advisories/31365
- http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5032900
- http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
- http://secunia.com/advisories/31358
- http://www.securityfocus.com/bid/30491
- http://secunia.com/advisories/31332
- http://www.ubuntu.com/usn/usn-632-1
- http://secunia.com/advisories/31518
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:163
- http://secunia.com/advisories/31687
- http://www.openwall.com/lists/oss-security/2008/11/05/2
- http://www.openwall.com/lists/oss-security/2008/11/05/3
- http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
- http://secunia.com/advisories/33937
- http://www.debian.org/security/2008/dsa-1667
- http://secunia.com/advisories/32793
- http://support.apple.com/kb/HT3438
- http://www.vupen.com/english/advisories/2009/3316
- http://www.vmware.com/security/advisories/VMSA-2009-0016.html
- http://secunia.com/advisories/37471
- http://support.avaya.com/css/P8/documents/100074697
- http://secunia.com/advisories/38675
- http://www.vupen.com/english/advisories/2008/2288
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44173
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44172
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9761
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8683
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8445
- http://www.securityfocus.com/archive/1/507985/100/0/threaded