Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2008-5031

Multiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6, allow context-dependent attackers to have an unknown impact via a large integer value in the tabsize argument to the expandtabs method, as implemented by (1) the string_expandtabs function in Objects/stringobject.c and (2) the unicode_expandtabs function in Objects/unicodeobject.c. NOTE: this vulnerability reportedly exists because of an incomplete fix for CVE-2008-2315.

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2008110...
MLIST: [oss-security] 2008110...
MISC: http://scary.beasts.or...
APPLE: APPLE-SA-2009-02-12
SECUNIA: 33937
GENTOO: GLSA-200907-16
SECUNIA: 35750
CONFIRM: http://support.apple.c...
CONFIRM: http://www.vmware.com/...
SECUNIA: 37471
VUPEN: ADV-2009-3316
CONFIRM: http://svn.python.org/...
CONFIRM: http://svn.python.org/...
CONFIRM: http://svn.python.org/...
XF: python-expandtabs-inte...
OVAL: oval:org.mitre.oval:de...
OVAL: oval:org.mitre.oval:de...
BUGTRAQ: 20091120 VMSA-2009-001...

Launchpad.net

CVE 2008-5031

Related bugs

References