CVE-2004-0150: Buffer Overflow
First published: Thu Apr 15 2004(Updated: )
Buffer overflow in the getaddrinfo function in Python 2.2 before 2.2.2, when IPv6 support is disabled, allows remote attackers to execute arbitrary code via an IPv6 address that is obtained using DNS.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| CPython | =2.2 | |
| CPython | =2.2.1 | |
| Python Babel Localedata | >=2.2.0<2.2.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2004-0150?
CVE-2004-0150 has a high severity rating due to the potential for remote code execution.
How do I fix CVE-2004-0150?
To fix CVE-2004-0150, upgrade Python to version 2.2.2 or later.
What versions of Python are affected by CVE-2004-0150?
CVE-2004-0150 affects Python versions 2.2.0, 2.2.1, and earlier.
How can CVE-2004-0150 be exploited by attackers?
Attackers can exploit CVE-2004-0150 by sending a crafted IPv6 address through DNS, leading to a buffer overflow.
Is IPv6 support relevant to the vulnerability in CVE-2004-0150?
Yes, the vulnerability occurs when IPv6 support is disabled in the affected versions of Python.
- agent/references
- agent/type
- agent/first-publish-date
- agent/remedy
- agent/weakness
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/source
- collector/nvd-historical
- agent/software-canonical-lookup-request
- agent/author
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- collector/nvd-index
- vendor/python software foundation
- canonical/cpython
- version/cpython/2.2
- version/cpython/2.2.1
- vendor/python
- canonical/python babel localedata
- version/python babel localedata/2.2.0