CVE-2008-2315: Integer Overflow
First published: Fri Aug 01 2008(Updated: )
Multiple integer overflows in Python 2.5.2 and earlier allow context-dependent attackers to have an unknown impact via vectors related to the (1) stringobject, (2) unicodeobject, (3) bufferobject, (4) longobject, (5) tupleobject, (6) stropmodule, (7) gcmodule, and (8) mmapmodule modules. NOTE: The expandtabs integer overflows in stringobject and unicodeobject in 2.5.2 are covered by CVE-2008-5031.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| CPython | =2.2 | |
| CPython | =2.4.4 | |
| CPython | =2.0.1 | |
| CPython | =1.6 | |
| CPython | =2.4.3 | |
| CPython | =2.3.7 | |
| CPython | =2.3.2 | |
| CPython | =2.4.5 | |
| CPython | =2.3.3 | |
| CPython | =1.5.2 | |
| CPython | =2.1.2 | |
| CPython | =2.4.1 | |
| CPython | =2.4 | |
| CPython | =2.3 | |
| CPython | =2.1 | |
| CPython | =2.2.2 | |
| CPython | =2.3.5 | |
| CPython | =2.5.1 | |
| CPython | =1.6.1 | |
| CPython | =2.3.1 | |
| CPython | =2.1.3 | |
| CPython | =2.4.2 | |
| CPython | =2.3.4 | |
| CPython | =2.5 | |
| CPython | =2.3.6 | |
| CPython | =2.0 | |
| CPython | =2.1.1 | |
| CPython | =2.2.1 | |
| CPython | =2.2.3 | |
| CPython | <=2.5.2 | |
| Python Babel Localedata | <=2.5.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://bugs.gentoo.org/attachment.cgi?id=159418&action=view
- http://bugs.gentoo.org/show_bug.cgi?id=230640
- http://security.gentoo.org/glsa/glsa-200807-16.xml
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:164
- http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.525289
- http://secunia.com/advisories/31305
- http://secunia.com/advisories/31365
- http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5032900
- http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
- http://secunia.com/advisories/31358
- http://www.securityfocus.com/bid/30491
- http://secunia.com/advisories/31332
- http://www.ubuntu.com/usn/usn-632-1
- http://secunia.com/advisories/31518
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:163
- http://secunia.com/advisories/31687
- http://www.openwall.com/lists/oss-security/2008/11/05/2
- http://www.openwall.com/lists/oss-security/2008/11/05/3
- http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
- http://secunia.com/advisories/33937
- http://www.debian.org/security/2008/dsa-1667
- http://secunia.com/advisories/32793
- http://support.apple.com/kb/HT3438
- http://www.vupen.com/english/advisories/2009/3316
- http://www.vmware.com/security/advisories/VMSA-2009-0016.html
- http://secunia.com/advisories/37471
- http://support.avaya.com/css/P8/documents/100074697
- http://secunia.com/advisories/38675
- http://www.vupen.com/english/advisories/2008/2288
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44173
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44172
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9761
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8683
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8445
- http://www.securityfocus.com/archive/1/507985/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2008-2315?
The severity of CVE-2008-2315 is classified as medium due to the potential for integer overflows leading to arbitrary code execution.
How do I fix CVE-2008-2315?
To fix CVE-2008-2315, upgrade Python to version 2.5.3 or later, or apply appropriate patches provided by the Python Software Foundation.
What versions are affected by CVE-2008-2315?
CVE-2008-2315 affects Python versions 2.5.2 and earlier, including versions 2.0 through 2.5.2.
What are the potential impacts of CVE-2008-2315?
The potential impacts of CVE-2008-2315 include execution of arbitrary code and possible system compromise due to integer overflow vulnerabilities.
Who can exploit CVE-2008-2315?
CVE-2008-2315 can be exploited by context-dependent attackers who can manipulate inputs processed by the vulnerable modules.
- agent/type
- agent/weakness
- agent/references
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- collector/nvd-historical
- agent/software-canonical-lookup-request
- agent/author
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- collector/nvd-index
- vendor/python software foundation
- canonical/cpython
- version/cpython/2.2
- version/cpython/2.4.4
- version/cpython/2.0.1
- version/cpython/1.6
- version/cpython/2.4.3
- version/cpython/2.3.7
- version/cpython/2.3.2
- version/cpython/2.4.5
- version/cpython/2.3.3
- version/cpython/1.5.2
- version/cpython/2.1.2
- version/cpython/2.4.1
- version/cpython/2.4
- version/cpython/2.3
- version/cpython/2.1
- version/cpython/2.2.2
- version/cpython/2.3.5
- version/cpython/2.5.1
- version/cpython/1.6.1
- version/cpython/2.3.1
- version/cpython/2.1.3
- version/cpython/2.4.2
- version/cpython/2.3.4
- version/cpython/2.5
- version/cpython/2.3.6
- version/cpython/2.0
- version/cpython/2.1.1
- version/cpython/2.2.1
- version/cpython/2.2.3
- version/cpython/2.5.2
- vendor/python
- canonical/python babel localedata
- version/python babel localedata/2.5.2