CVE-2008-1887 - CVE Reference - Advisories

CVE Reference: CVE-2008-1887

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2008-1887

Description: Python 2.5.2 and earlier allows context-dependent attackers to execute arbitrary code via multiple vectors that cause a negative size value to be provided to the PyString_FromStringAndSize function, which allocates less memory than expected when assert() is disabled and triggers a buffer overflow.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/41944 SAID Secunia Advisory: SA29889 Secunia Advisory: SA30872 GENTOO http://security.gentoo.org/glsa/glsa-200807-01.xml DEBIAN http://www.debian.org/security/2008/dsa-1551 CONFIRM http://bugs.python.org/issue2587 BUGTRAQ http://www.securityfocus.com/archive/1/490776 BID 28749

Return to the previous page.

Secunia PSI
Scan | Patch | Track
Free Download

Secunia Poll

Most Popular Advisories

1.	Linux Kernel LDT Buffer Size Handling Vulnerability

2.	OpenBSD BIND Query Port DNS Cache Poisoning

3.	Drupal Session Fixation Vulnerability

4.	Advanced Poll Multiple Vulnerabilities

5.	PHP Classifieds "catid" and "catid_search" SQL Injection Vulnerability

6.	Ubuntu update for php

7.	Apple Safari Cross-Domain Cookie Injection Vulnerability

8.	Red Hat update for kernel

9.	Debian update for xulrunner

10.	Slackware update for dnsmasq