CVE-2007-2052

Name: CVE-2007-2052
Description: Off-by-one error in the PyLocale_strxfrm function in Modules/_localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer size to be used for the strxfrm function, which allows context-dependent attackers to read portions of memory via unknown manipulations that trigger a buffer over-read due to missing null termination.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References: DSA-1551-1, DSA-1620-1
Debian Bugs: 416931, 416934

The information below is based on the following data on fixed versions.

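| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| python2.3 | source | (unstable) | (unfixed) | low | | |
| python2.4 | source | etch | 2.4.4-3+etch1 | | DSA-1551-1 | |
| python2.4 | source | (unstable) | 2.4.4-3 | low | | 416931 |
| python2.5 | source | etch | 2.5-5+etch1 | | DSA-1620-1 | |
| python2.5 | source | (unstable) | 2.5.1-1 | low | | 416934 |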
