Vulnerability Description
Buffer overflow in the getaddrinfo function in Python 2.2 before 2.2.2, when IPv6 support is disabled, allows remote attackers to execute arbitrary code via an IPv6 address that is obtained using DNS.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Python | Python | >= 2.2.0, < 2.2.2 |
Related Weaknesses (CWE)
References
- http://www.debian.org/security/2004/dsa-458PatchVendor Advisory
- http://www.gentoo.org/security/en/glsa/glsa-200409-03.xmlThird Party Advisory
- http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:019Broken Link
- http://www.osvdb.org/4172Broken Link
- http://www.securityfocus.com/bid/9836PatchThird Party AdvisoryVDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15409VDB Entry
- http://www.debian.org/security/2004/dsa-458PatchVendor Advisory
- http://www.gentoo.org/security/en/glsa/glsa-200409-03.xmlThird Party Advisory
- http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:019Broken Link
- http://www.osvdb.org/4172Broken Link
- http://www.securityfocus.com/bid/9836PatchThird Party AdvisoryVDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15409VDB Entry
FAQ
What is CVE-2004-0150?
CVE-2004-0150 is a vulnerability with a CVSS score of 7.5 (HIGH). Buffer overflow in the getaddrinfo function in Python 2.2 before 2.2.2, when IPv6 support is disabled, allows remote attackers to execute arbitrary code via an IPv6 address that is obtained using DNS.
How severe is CVE-2004-0150?
CVE-2004-0150 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-0150?
Check the references section above for vendor advisories and patch information. Affected products include: Python Python.