PT-2007-3395 · Python+2 · Python+2

Published

2007-04-16

Updated

2024-06-15

CVE-2007-2052

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Python versions 2.4 through 2.5

Description The issue is caused by an off-by-one error in the PyLocale strxfrm function, which results in an incorrect buffer size being used for the strxfrm function. This allows attackers to read portions of memory via unknown manipulations that trigger a buffer over-read due to missing null termination.

Recommendations For Python versions 2.4 and 2.5, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-193

Related Identifiers

CVE-2007-2052

DSA-1551-1

DSA-1620-1

OPENSUSE-SU-2024:11202-1

RHSA-2007:1076

RHSA-2007:1077

RHSA-2007_1076

RHSA-2008:0264

RHSA-2008:0525

RHSA-2008:0629

RHSA-2009:1176

RHSA-2009_1176

SUSE-SU-2020:0234-1

Affected Products

Python

Red Hat

Suse

PT-2007-3395 · Python+2 · Python+2

CVE-2007-2052

Weakness Enumeration

Related Identifiers

Affected Products

References · 203