CVE-2007-2052

Priority
Low
Description
Off-by-one error in the PyLocale_strxfrm function in
Modules/_localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer
size to be used for the strxfrm function, which allows context-dependent
attackers to read portions of memory via unknown manipulations that trigger
a buffer over-read due to missing null termination.
References
Notes
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=416934
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=416931
Assigned-to
kees
Package
Upstream: needs-triage
Ubuntu 8.04 LTS (Hardy Heron): DNE
Package
Upstream: released (2.5.1-1)
Ubuntu 8.04 LTS (Hardy Heron): not-affected
Patches:
Vendor: http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=5;filename=strxfrm-leak.patch;att=1;bug=416931
Package
Upstream: released (2.4.4-3)
Ubuntu 8.04 LTS (Hardy Heron): not-affected
Patches:
Vendor: http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=5;filename=strxfrm-leak.patch;att=1;bug=416931

Updated: 2012-06-01 15:17:50 UTC (commit 5347)