CVE-2008-2315 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2008-2315?

CVE-2008-2315 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2008-2315?

Check the references section above for vendor advisories and patch information. Affected products include: Python Python.

Vulnerability Description

Multiple integer overflows in Python 2.5.2 and earlier allow context-dependent attackers to have an unknown impact via vectors related to the (1) stringobject, (2) unicodeobject, (3) bufferobject, (4) longobject, (5) tupleobject, (6) stropmodule, (7) gcmodule, and (8) mmapmodule modules. NOTE: The expandtabs integer overflows in stringobject and unicodeobject in 2.5.2 are covered by CVE-2008-5031.

CVSS Score

7.5

HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Python	Python	<= 2.5.2

Related Weaknesses (CWE)

CWE-190

References

http://bugs.gentoo.org/attachment.cgi?id=159418&action=viewExploit
http://bugs.gentoo.org/show_bug.cgi?id=230640Third Party Advisory
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.htmlMailing List
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.htmlThird Party Advisory
http://secunia.com/advisories/31305Broken Link
http://secunia.com/advisories/31332Broken Link
http://secunia.com/advisories/31358Broken Link
http://secunia.com/advisories/31365Broken Link
http://secunia.com/advisories/31518Broken Link
http://secunia.com/advisories/31687Broken Link
http://secunia.com/advisories/32793Broken Link
http://secunia.com/advisories/33937Broken Link
http://secunia.com/advisories/37471Broken Link
http://secunia.com/advisories/38675Broken Link
http://security.gentoo.org/glsa/glsa-200807-16.xmlThird Party Advisory

FAQ

What is CVE-2008-2315?

CVE-2008-2315 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple integer overflows in Python 2.5.2 and earlier allow context-dependent attackers to have an unknown impact via vectors related to the (1) stringobject, (2) unicodeobject, (3) bufferobject, (4)...

How severe is CVE-2008-2315?

CVE-2008-2315 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2008-2315?

Check the references section above for vendor advisories and patch information. Affected products include: Python Python.