CVE-2008-2315

NameCVE-2008-2315
DescriptionMultiple integer overflows in Python 2.5.2 and earlier allow context-dependent attackers to have an unknown impact via vectors related to the (1) stringobject, (2) unicodeobject, (3) bufferobject, (4) longobject, (5) tupleobject, (6) stropmodule, (7) gcmodule, and (8) mmapmodule modules. NOTE: The expandtabs integer overflows in stringobject and unicodeobject in 2.5.2 are covered by CVE-2008-5031.
SourceCVE (at NVD; LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-1667-1, DTSA-157-1
NVD severityhigh (attack range: remote)

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
python2.4source(unstable)2.4.5-5high
python2.4sourceetch2.4.4-3+etch2highDSA-1667-1
python2.5source(unstable)2.5.2-10high
python2.5sourcelenny2.5.2-6+lenny1highDTSA-157-1

Notes

[etch] - python2.5 <no-dsa> (Minor issue, not the default Python runtime)

Search for package or bug name: Reporting problems