what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 5 of 5 RSS Feed

CVE-2008-3142

Status Candidate

Overview

Multiple buffer overflows in Python 2.5.2 and earlier on 32bit platforms allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a long string that leads to incorrect memory allocation during Unicode string processing, related to the unicode_resize function and the PyMem_RESIZE macro.

Related Files

Debian Linux Security Advisory 1667-1
Posted Nov 19, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1667-1 - Several vulnerabilities have been discovered in the interpreter for the Python language.

tags | advisory, vulnerability, python
systems | linux, debian
advisories | CVE-2008-2315, CVE-2008-3142, CVE-2008-3143, CVE-2008-3144
SHA-256 | 12fdf078391ae1df310f450b4a5d9467ff078cdcdaab7caaf897fa6ed1464822
Mandriva Linux Security Advisory 2008-164
Posted Aug 8, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Multiple integer overflows in the imageop module in Python prior to 2.5.3 allowed context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted images that trigger heap-based buffer overflows. to an incomplete fix for CVE-2007-4965. David Remahl of Apple Product Security reported several integer overflows in a number of core modules. Justin Ferguson reported multiple buffer overflows in unicode string processing that affected 32bit systems. Multiple integer overflows were reported by the Google Security Team that had been fixed in Python 2.5.2. Justin Ferguson reported a number of integer overflows and underflows in the PyOS_vsnprintf() function, as well as an off-by-one error when passing zero-length strings, that led to memory corruption. The updated packages have been patched to correct these issues. As well, Python packages on Corporate Server 4 have been updated to the latest version 2.4.5.

tags | advisory, denial of service, overflow, arbitrary, python
systems | linux, apple, mandriva
advisories | CVE-2008-1679, CVE-2008-2315, CVE-2008-3142, CVE-2008-3143, CVE-2008-3144
SHA-256 | 7dc4bf08958120be9ebfa5a253d3225fede65d00fa94562dac3b315b2ecf3cbc
Mandriva Linux Security Advisory 2008-163
Posted Aug 8, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Multiple integer overflows in the imageop module in Python prior to 2.5.3 allowed context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted images that trigger heap-based buffer overflows. to an incomplete fix for CVE-2007-4965. David Remahl of Apple Product Security reported several integer overflows in a number of core modules. reported an integer overflow in the hashlib module on Python 2.5 that lead to unreliable cryptographic digest results. Justin Ferguson reported multiple buffer overflows in unicode string processing that affected 32bit systems. Multiple integer overflows were reported by the Google Security Team that had been fixed in Python 2.5.2. Justin Ferguson reported a number of integer overflows and underflows in the PyOS_vsnprintf() function, as well as an off-by-one error when passing zero-length strings, that led to memory corruption. The updated packages have been patched to correct these issues. As well, Python packages on Mandriva Linux 2007.1 and 2008.0 have been updated to version 2.5.2. Due to slight packaging changes on Mandriva Linux 2007.1, a new package is available (tkinter-apps) that contains binary files (such as /usr/bin/idle) that were previously in the tkinter package.

tags | advisory, denial of service, overflow, arbitrary, python
systems | linux, apple, mandriva
advisories | CVE-2008-1679, CVE-2008-2315, CVE-2008-2316, CVE-2008-3142, CVE-2008-3143, CVE-2008-3144
SHA-256 | 9a50d43050213b8aac716a2a7270d520a3c43c10e5bec3a1910ee71cf69067ab
Ubuntu Security Notice 632-1
Posted Aug 1, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 632-1 - Many vulnerabilities have been addressed in the python 2.4 and python 2.5 packages. These include integer overflows, arbitrary code execution, and other vulnerabilities.

tags | advisory, overflow, arbitrary, vulnerability, code execution, python
systems | linux, ubuntu
advisories | CVE-2008-1679, CVE-2008-1721, CVE-2008-1887, CVE-2008-2315, CVE-2008-2316, CVE-2008-3142, CVE-2008-3143, CVE-2008-3144
SHA-256 | 3ce008a937eacbb9c53b664057738663d026122c9a6afc70fda346a0cb119154
Gentoo Linux Security Advisory 200807-16
Posted Aug 1, 2008
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200807-16 - Multiple vulnerabilities in Python may allow for the execution of arbitrary code. Versions less than 2.5.2-r6 are affected.

tags | advisory, arbitrary, vulnerability, python
systems | linux, gentoo
advisories | CVE-2008-2315, CVE-2008-2316, CVE-2008-3142, CVE-2008-3143, CVE-2008-3144
SHA-256 | 9ae6d7842402c013fff9b0dae09817ac492c8c70c103bba8e87713e308f3fb8a
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close