CyberSec.Space Logo
Back to CVE Browser

CVE-2008-5031

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0760%
EPSS Percentile4.51th
PublishedNov 10, 2008
Last ModifiedApr 23, 2026

Vulnerability Description

Multiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6, allow context-dependent attackers to have an unknown impact via a large integer value in the tabsize argument to the expandtabs method, as implemented by (1) the string_expandtabs function in Objects/stringobject.c and (2) the unicode_expandtabs function in Objects/unicodeobject.c. NOTE: this vulnerability reportedly exists because of an incomplete fix for CVE-2008-2315.

Affected Platforms (CPE)

πŸ“¦
Python

Python

= 2.2.3
πŸ“¦
Python

Python

= 2.3.7
πŸ“¦
Python

Python

= 2.4.6
πŸ“¦
Python

Python

= 2.5.1

References & Advisories

πŸ”— http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
πŸ”— http://scary.beasts.org/security/CESA-2008-008.html
πŸ”— http://secunia.com/advisories/33937
πŸ”— http://secunia.com/advisories/35750
πŸ”— http://secunia.com/advisories/37471
πŸ”— http://security.gentoo.org/glsa/glsa-200907-16.xml
πŸ”— http://support.apple.com/kb/HT3438
πŸ”— http://svn.python.org/view/python/trunk/Objects/stringobject.c?rev=61350&view=diff&r1=61350&r2=61349&p1=python/trunk/Objects/stringobject.c&p2=/python/trunk/Objects/stringobject.c

Related Vulnerabilities

CVE-2014-816510.0

scripts/amsvis/powerpcAMS/amsnet.py in powerpc-utils-python uses the pickle Python module unsafely, which allows remote attackers ...

CVE-2014-300710.0

Python Image Library (PIL) 1.1.7 and earlier and Pillow 2.3 might allow remote attackers to execute arbitrary commands via shell m...

CVE-2014-296710.0

Autodesk VRED Professional 2014 before SR1 SP8 allows remote attackers to execute arbitrary code via Python os library calls in Py...

CVE-2020-269439.9

An issue was discovered in OpenStack blazar-dashboard before 1.3.1, 2.0.0, and 3.0.0. A user allowed to access the Blazar dashboar...