NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2008-5031

Summary	Multiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6, allow context-dependent attackers to have an unknown impact via a large integer value in the tabsize argument to the expandtabs method, as implemented by (1) the string_expandtabs function in Objects/stringobject.c and (2) the unicode_expandtabs function in Objects/unicodeobject.c. NOTE: this vulnerability reportedly exists because of an incomplete fix for CVE-2008-2315.
Publication Date	Nov. 11, 2008, 1:15 a.m.
Registration Date	Jan. 29, 2021, 1:45 p.m.
Last Update	Oct. 25, 2019, 8:53 p.m.

CVSS2.0 : HIGH
Score	10.0
Vector	AV:N/AC:L/Au:N/C:C/I:C/A:C
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	高
完全性への影響(I)	高
可用性への影響(A)	高
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:python:python:2.2.3:::::::*
cpe:2.3:a:python:python:2.3.7:::::::*
cpe:2.3:a:python:python:2.4.6:::::::*
cpe:2.3:a:python:python:2.5.1:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html	APPLE
2	http://scary.beasts.org/security/CESA-2008-008.html	MISC
3	http://secunia.com/advisories/33937	SECUNIA	Vendor Advisory
4	http://secunia.com/advisories/35750	SECUNIA	Vendor Advisory
5	http://secunia.com/advisories/37471	SECUNIA	Vendor Advisory
6	http://security.gentoo.org/glsa/glsa-200907-16.xml	GENTOO
7	http://support.apple.com/kb/HT3438	CONFIRM
8	http://svn.python.org/view/python/trunk/Objects/stringobject.c?rev=61350&view=diff&r1=61350&r2=61349&p1=python/trunk/Objects/stringobject.c&p2=/python/trunk/Objects/stringobject.c	CONFIRM
9	http://svn.python.org/view/python/trunk/Objects/unicodeobject.c?rev=61350&view=diff&r1=61350&r2=61349&p1=python/trunk/Objects/unicodeobject.c&p2=/python/trunk/Objects/unicodeobject.c	CONFIRM
10	http://svn.python.org/view?rev=61350&view=rev	CONFIRM
11	http://www.openwall.com/lists/oss-security/2008/11/05/2	MLIST
12	http://www.openwall.com/lists/oss-security/2008/11/05/3	MLIST
13	http://www.securityfocus.com/archive/1/507985/100/0/threaded	BUGTRAQ
14	http://www.vmware.com/security/advisories/VMSA-2009-0016.html	CONFIRM
15	http://www.vupen.com/english/advisories/2009/3316	VUPEN	Vendor Advisory
16	https://exchange.xforce.ibmcloud.com/vulnerabilities/46612	XF
17	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11280	OVAL
18	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8564	OVAL

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-189	数値処理の問題	https://cwe.mitre.org/data/definitions/189.html