CVE-2008-1887 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2008-1887
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2008-1887

Description: Python 2.5.2 and earlier allows context-dependent attackers to execute arbitrary code via multiple vectors that cause a negative size value to be provided to the PyString_FromStringAndSize function, which allocates less memory than expected when assert() is disabled and triggers a buffer overflow.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/41944 UBUNTU http://www.ubuntu.com/usn/usn-632-1 SUSE http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html SAID Secunia Advisory: SA31365 Secunia Advisory: SA31255 Secunia Advisory: SA30872 Secunia Advisory: SA29889 Secunia Advisory: SA31518 Secunia Advisory: SA31687 Secunia Advisory: SA33937 GENTOO http://security.gentoo.org/glsa/glsa-200807-01.xml DEBIAN http://www.debian.org/security/2008/dsa-1620 http://www.debian.org/security/2008/dsa-1551 CONFIRM http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5032900 http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0122 http://support.apple.com/kb/HT3438 http://bugs.python.org/issue2587 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/506056/100/0/threaded http://www.securityfocus.com/archive/1/490776 BID 28749 APPLE http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html

Return to the previous page.