CVE-2007-2052

Priority
Low
Description
Off-by-one error in the PyLocale_strxfrm function in
Modules/_localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer
size to be used for the strxfrm function, which allows context-dependent
attackers to read portions of memory via unknown manipulations that trigger
a buffer over-read due to missing null termination.
References
Notes
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=416934
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=416931
Assigned-to
kees
Package
Upstream: needs-triage
Package
Upstream: released (2.5.1-1)
Patches:
Vendor: http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=5;filename=strxfrm-leak.patch;att=1;bug=416931
Package
Upstream: released (2.4.4-3)
Patches:
Vendor: http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=5;filename=strxfrm-leak.patch;att=1;bug=416931

Updated: 2015-07-29 20:29:31 UTC (commit 9756)