PT-2008-3264 · Jean Loup Gailly Mark Adler+3 · Zlib+3

Publicado

2008-04-10

Atualizado

2024-06-15

CVE-2008-1721

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Python versions 2.5.2 and earlier

Description The issue is related to an integer signedness error in the zlib extension module, which allows remote attackers to execute arbitrary code via a negative signed integer. This triggers insufficient memory allocation and a buffer overflow.

Recommendations For Python versions 2.5.2 and earlier, update to a version that includes a fix for the integer signedness error in the zlib extension module. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-681

Identificadores relacionados

CVE-2008-1721

DSA-1551-1

DSA-1620-1

OPENSUSE-SU-2024:11202-1

PSF-2008-2

RHSA-2009:1176

RHSA-2009:1177

RHSA-2009_1176

RHSA-2009_1177

SUSE-SU-2020:0234-1

Produtos afetados

Python

Red Hat

Suse

Zlib

PT-2008-3264 · Jean Loup Gailly Mark Adler+3 · Zlib+3

CVE-2008-1721

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 196