CVEブラウザに戻る

CVE-2008-5031

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.0760%

EPSS Percentile4.51th

Published2008年11月10日

Last Modified2026年4月23日

Vulnerability Description

Multiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6, allow context-dependent attackers to have an unknown impact via a large integer value in the tabsize argument to the expandtabs method, as implemented by (1) the string_expandtabs function in Objects/stringobject.c and (2) the unicode_expandtabs function in Objects/unicodeobject.c. NOTE: this vulnerability reportedly exists because of an incomplete fix for CVE-2008-2315.

Affected Platforms (CPE)

📦

Python

Python

= 2.2.3

📦

Python

Python

= 2.3.7

📦

Python

Python

= 2.4.6

📦

Python

Python

= 2.5.1

References & Advisories

🔗 http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html

🔗 http://scary.beasts.org/security/CESA-2008-008.html

🔗 http://secunia.com/advisories/33937

🔗 http://secunia.com/advisories/35750

🔗 http://secunia.com/advisories/37471

🔗 http://security.gentoo.org/glsa/glsa-200907-16.xml

🔗 http://support.apple.com/kb/HT3438

🔗 http://svn.python.org/view/python/trunk/Objects/stringobject.c?rev=61350&view=diff&r1=61350&r2=61349&p1=python/trunk/Objects/stringobject.c&p2=/python/trunk/Objects/stringobject.c

関連する脆弱性情報

CVE-2014-816510.0

scripts/amsvis/powerpcAMS/amsnet.py in powerpc-utils-python uses the pickle Python module unsafely, which allows remote attackers ...

CVE-2014-300710.0

Python Image Library (PIL) 1.1.7 and earlier and Pillow 2.3 might allow remote attackers to execute arbitrary commands via shell m...

CVE-2014-296710.0

Autodesk VRED Professional 2014 before SR1 SP8 allows remote attackers to execute arbitrary code via Python os library calls in Py...

CVE-2020-269439.9

An issue was discovered in OpenStack blazar-dashboard before 1.3.1, 2.0.0, and 3.0.0. A user allowed to access the Blazar dashboar...