CVE-2008-2315
Summary
| CVE | CVE-2008-2315 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2008-08-01 14:41:00 UTC |
| Updated | 2023-08-02 17:14:00 UTC |
| Description | Multiple integer overflows in Python 2.5.2 and earlier allow context-dependent attackers to have an unknown impact via vectors related to the (1) stringobject, (2) unicodeobject, (3) bufferobject, (4) longobject, (5) tupleobject, (6) stropmodule, (7) gcmodule, and (8) mmapmodule modules. NOTE: The expandtabs integer overflows in stringobject and unicodeobject in 2.5.2 are covered by CVE-2008-5031. |
Risk And Classification
Problem Types: CWE-190
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Python | Python | All | All | All | All |
| Application | Python Software Foundation | Python | 1.5.2 | All | All | All |
| Application | Python Software Foundation | Python | 1.6 | All | All | All |
| Application | Python Software Foundation | Python | 1.6.1 | All | All | All |
| Application | Python Software Foundation | Python | 2.0 | All | All | All |
| Application | Python Software Foundation | Python | 2.0.1 | All | All | All |
| Application | Python Software Foundation | Python | 2.1 | All | All | All |
| Application | Python Software Foundation | Python | 2.1.1 | All | All | All |
| Application | Python Software Foundation | Python | 2.1.2 | All | All | All |
| Application | Python Software Foundation | Python | 2.1.3 | All | All | All |
| Application | Python Software Foundation | Python | 2.2 | All | All | All |
| Application | Python Software Foundation | Python | 2.2.1 | All | All | All |
| Application | Python Software Foundation | Python | 2.2.2 | All | All | All |
| Application | Python Software Foundation | Python | 2.2.3 | All | All | All |
| Application | Python Software Foundation | Python | 2.3 | All | All | All |
| Application | Python Software Foundation | Python | 2.3.1 | All | All | All |
| Application | Python Software Foundation | Python | 2.3.2 | All | All | All |
| Application | Python Software Foundation | Python | 2.3.3 | All | All | All |
| Application | Python Software Foundation | Python | 2.3.4 | All | All | All |
| Application | Python Software Foundation | Python | 2.3.5 | All | All | All |
| Application | Python Software Foundation | Python | 2.3.6 | All | All | All |
| Application | Python Software Foundation | Python | 2.3.7 | All | All | All |
| Application | Python Software Foundation | Python | 2.4 | All | All | All |
| Application | Python Software Foundation | Python | 2.4.1 | All | All | All |
| Application | Python Software Foundation | Python | 2.4.2 | All | All | All |
| Application | Python Software Foundation | Python | 2.4.3 | All | All | All |
| Application | Python Software Foundation | Python | 2.4.4 | All | All | All |
| Application | Python Software Foundation | Python | 2.4.5 | All | All | All |
| Application | Python Software Foundation | Python | 2.5 | All | All | All |
| Application | Python Software Foundation | Python | 2.5.1 | All | All | All |
| Application | Python Software Foundation | Python | 1.5.2 | All | All | All |
| Application | Python Software Foundation | Python | 1.6 | All | All | All |
| Application | Python Software Foundation | Python | 1.6.1 | All | All | All |
| Application | Python Software Foundation | Python | 2.0 | All | All | All |
| Application | Python Software Foundation | Python | 2.0.1 | All | All | All |
| Application | Python Software Foundation | Python | 2.1 | All | All | All |
| Application | Python Software Foundation | Python | 2.1.1 | All | All | All |
| Application | Python Software Foundation | Python | 2.1.2 | All | All | All |
| Application | Python Software Foundation | Python | 2.1.3 | All | All | All |
| Application | Python Software Foundation | Python | 2.2 | All | All | All |
| Application | Python Software Foundation | Python | 2.2.1 | All | All | All |
| Application | Python Software Foundation | Python | 2.2.2 | All | All | All |
| Application | Python Software Foundation | Python | 2.2.3 | All | All | All |
| Application | Python Software Foundation | Python | 2.3 | All | All | All |
| Application | Python Software Foundation | Python | 2.3.1 | All | All | All |
| Application | Python Software Foundation | Python | 2.3.2 | All | All | All |
| Application | Python Software Foundation | Python | 2.3.3 | All | All | All |
| Application | Python Software Foundation | Python | 2.3.4 | All | All | All |
| Application | Python Software Foundation | Python | 2.3.5 | All | All | All |
| Application | Python Software Foundation | Python | 2.3.6 | All | All | All |
| Application | Python Software Foundation | Python | 2.3.7 | All | All | All |
| Application | Python Software Foundation | Python | 2.4 | All | All | All |
| Application | Python Software Foundation | Python | 2.4.1 | All | All | All |
| Application | Python Software Foundation | Python | 2.4.2 | All | All | All |
| Application | Python Software Foundation | Python | 2.4.3 | All | All | All |
| Application | Python Software Foundation | Python | 2.4.4 | All | All | All |
| Application | Python Software Foundation | Python | 2.4.5 | All | All | All |
| Application | Python Software Foundation | Python | 2.5 | All | All | All |
| Application | Python Software Foundation | Python | 2.5.1 | All | All | All |
| Application | Python Software Foundation | Python | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| The Slackware Linux Project: Slackware Security Advisories | SLACKWARE | slackware.com | |
| APPLE-SA-2009-02-12 Security Update 2009-001 | APPLE | lists.apple.com | |
| Ubuntu update for python - Secunia Advisories - Vulnerability Intelligence - Secunia.com | SECUNIA | secunia.com | |
| SUSE update for python - Advisories - Secunia | SECUNIA | secunia.com | |
| Gentoo Linux Documentation -- Python: Multiple vulnerabilities | GENTOO | security.gentoo.org | |
| USN-632-1: Python vulnerabilities | Ubuntu | UBUNTU | www.ubuntu.com | |
| Slackware update for python - Secunia Advisories - Vulnerability Information - Secunia.com | SECUNIA | secunia.com | |
| SUSE Update for Multiple Packages - Secunia Advisories - Vulnerability Intelligence - Secunia.com | SECUNIA | secunia.com | |
| [security-announce] SUSE Security Summary Report SUSE-SR:2008:017 | SUSE | lists.opensuse.org | |
| Debian -- Security Information -- DSA-1667-1 python2.4 | DEBIAN | www.debian.org | |
| Gentoo Bug 230640 - dev-lang/python <2.4.4-r14 integer overflows (CVE-2008-2315, CVE-2008-2316) | CONFIRM | bugs.gentoo.org | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | |
| oss-security - Re: CVE Request - Python string expandtabs | MLIST | www.openwall.com | |
| Repository / Oval Repository | OVAL | oval.cisecurity.org | |
| SecurityFocus | BUGTRAQ | www.securityfocus.com | |
| Support | Micro Focus | CONFIRM | www.novell.com | |
| Repository / Oval Repository | OVAL | oval.cisecurity.org | |
| Support / Security / Advisories / / MDVSA-2008:163 | Mandriva | MANDRIVA | www.mandriva.com | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| oss-security - CVE Request - Python string expandtabs | MLIST | www.openwall.com | |
| ASA-2010-050 (SUN 273570) | CONFIRM | support.avaya.com | |
| Apple Mac OS X Security Update Fixes Multiple Vulnerabilities - Secunia Advisories - Vulnerability Information - Secunia.com | SECUNIA | secunia.com | |
| Repository / Oval Repository | OVAL | oval.cisecurity.org | |
| bugs.gentoo.org/attachment.cgi | CONFIRM | bugs.gentoo.org | Exploit |
| VMSA-2009-0016.1 | CONFIRM | www.vmware.com | |
| Debian update for python2.4 - Secunia.com | SECUNIA | secunia.com | |
| Support / Security / Advisories / / MDVSA-2008:164 | Mandriva | MANDRIVA | www.mandriva.com | |
| About the security content of Security Update 2009-001 | CONFIRM | support.apple.com | |
| Python Multiple Buffer Overflow Vulnerabilities | BID | www.securityfocus.com | |
| Avaya CMS Solaris Python Multiple Vulnerabilities - Advisories - Community | SECUNIA | secunia.com | |
| Python Multiple Vulnerabilities - Secunia Advisories - Vulnerability Information - Secunia.com | SECUNIA | secunia.com | |
| VMware ESX and vMA Update for Multiple Packages - Secunia Advisories - Vulnerability Information - Secunia.com | SECUNIA | secunia.com | |
| Gentoo update for python - Secunia Advisories - Vulnerability Intelligence - Secunia.com | SECUNIA | secunia.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.