PT-2008-6186 · Python+1 · Python+1

Jan Lieskovsky

Published

2008-11-10

Updated

2019-10-25

CVE-2008-5031

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Python versions 2.2.3 through 2.5.1 Python version 2.6

Description The issue is caused by multiple integer overflows that allow context-dependent attackers to have an unknown impact. This occurs when a large integer value is passed in the tabsize argument to the expandtabs method. The affected functions are string expandtabs in Objects/stringobject.c and unicode expandtabs in Objects/unicodeobject.c.

Recommendations For Python versions 2.2.3 through 2.5.1, and version 2.6, consider restricting the use of the expandtabs method with large integer values in the tabsize argument until a patch is available. As a temporary workaround, avoid using large integer values for the tabsize argument in the affected expandtabs method.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-189

Related Identifiers

CVE-2008-5031

PSF-2008-10

RHSA-2009:1176

RHSA-2009:1177

RHSA-2009:1178

RHSA-2009_1176

RHSA-2009_1177

Affected Products

Python

Red Hat

PT-2008-6186 · Python+1 · Python+1

CVE-2008-5031

Weakness Enumeration

Related Identifiers

Affected Products

References · 44