CVE-2008-3143: Integer Overflow
First published: Thu Feb 14 2008(Updated: )
Description of problem: Added checks for integer overflows, contributed by Google. Some are only available if asserts are left in the code, in cases where they can't be triggered from Python code. Proposed upstream patch: <a href="http://svn.python.org/view?rev=60793&view=rev">http://svn.python.org/view?rev=60793&view=rev</a>
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/python | <0:2.3.4-14.7.el4_8.2 | 0:2.3.4-14.7.el4_8.2 |
| redhat/python | <0:2.4.3-24.el5_3.6 | 0:2.4.3-24.el5_3.6 |
| CPython | =2.0.1 | |
| CPython | =2.3.7 | |
| CPython | =2.4.5 | |
| CPython | =1.5.2 | |
| CPython | <=2.5.1 | |
| CPython | =1.6.1 | |
| CPython | =2.1.3 | |
| CPython | =2.2.3 | |
| Python Babel Localedata | <2.5.12 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://bugs.gentoo.org/show_bug.cgi?id=232137
- http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
- http://secunia.com/advisories/31332
- http://secunia.com/advisories/31365
- http://secunia.com/advisories/31473
- http://secunia.com/advisories/31518
- http://secunia.com/advisories/31687
- http://secunia.com/advisories/32793
- http://secunia.com/advisories/37471
- http://security.gentoo.org/glsa/glsa-200807-16.xml
- http://svn.python.org/view?rev=60793&view=rev
- http://wiki.rpath.com/Advisories:rPSA-2008-0243
- http://www.debian.org/security/2008/dsa-1667
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:163
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:164
- http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5032900
- http://www.python.org/download/releases/2.5.2/NEWS.txt
- http://www.python.org/download/releases/2.6/NEWS.txt
- http://www.securityfocus.com/archive/1/495445/100/0/threaded
- http://www.securityfocus.com/archive/1/507985/100/0/threaded
- http://www.securityfocus.com/bid/30491
- http://www.ubuntu.com/usn/usn-632-1
- http://www.vmware.com/security/advisories/VMSA-2009-0016.html
- http://www.vupen.com/english/advisories/2008/2288
- http://www.vupen.com/english/advisories/2009/3316
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7720
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8996
- http://www.redhat.com/security/updates/classification/
- https://rhn.redhat.com/errata/RHSA-2009-1176.html
- https://rhn.redhat.com/errata/RHSA-2009-1177.html
- https://rhn.redhat.com/errata/RHSA-2009-1178.html
- https://bugzilla.redhat.com/show_bug.cgi?id=455013
- https://www.cve.org/CVERecord?id=CVE-2008-3143 https://nvd.nist.gov/vuln/detail/CVE-2008-3143
- https://access.redhat.com/errata/RHSA-2009:1178
- https://access.redhat.com/errata/RHSA-2009:1177
- https://access.redhat.com/errata/RHSA-2009:1176
- https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3143.json
Parent vulnerabilities
(Appears in the following advisories)
Frequently Asked Questions
What is the severity of CVE-2008-3143?
CVE-2008-3143 has been classified as a moderate severity vulnerability due to potential integer overflow issues.
How do I fix CVE-2008-3143?
To mitigate CVE-2008-3143, upgrade to a patched version of Python above the specified vulnerable versions as indicated in security advisories.
Which versions of Python are affected by CVE-2008-3143?
CVE-2008-3143 affects Python versions including 1.5.2, 1.6.1, 2.0.1, 2.1.3, 2.2.3, 2.3.4 up to 2.3.7, 2.4.3 up to 2.4.5, and up to 2.5.1.
What are the potential impacts of CVE-2008-3143?
The potential impacts of CVE-2008-3143 include the risk of unexpected behavior or crashes in applications using the affected versions of Python.
Is there a patch for CVE-2008-3143?
Yes, there are proposed upstream patches available to fix CVE-2008-3143, which should be applied to the affected Python versions.
- agent/type
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2008-3143
- agent/references
- agent/severity
- collector/redhat-cve
- agent/software-canonical-lookup
- agent/description
- agent/weakness
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/trending
- agent/source
- collector/nvd-historical
- agent/software-canonical-lookup-request
- agent/author
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- collector/nvd-index
- package-manager/redhat
- vendor/python software foundation
- canonical/cpython
- version/cpython/2.0.1
- version/cpython/2.3.7
- version/cpython/2.4.5
- version/cpython/1.5.2
- version/cpython/2.5.1
- version/cpython/1.6.1
- version/cpython/2.1.3
- version/cpython/2.2.3
- vendor/python
- canonical/python babel localedata