CVE-2007-2052
Priority
Low
Description
Off-by-one error in the PyLocale_strxfrm function in
Modules/_localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer
size to be used for the strxfrm function, which allows context-dependent
attackers to read portions of memory via unknown manipulations that trigger
a buffer over-read due to missing null termination.
Modules/_localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer
size to be used for the strxfrm function, which allows context-dependent
attackers to read portions of memory via unknown manipulations that trigger
a buffer over-read due to missing null termination.
References
Notes
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=416934
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=416931
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=416931
Assigned-to
kees
Package
| Upstream: | released (2.5.1-1) |
| Ubuntu 8.04 LTS (Hardy Heron): | not-affected |
Patches:
| Vendor: | http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=5;filename=strxfrm-leak.patch;att=1;bug=416931 |
Package
| Upstream: | released (2.4.4-3) |
| Ubuntu 8.04 LTS (Hardy Heron): | not-affected |
Patches:
| Vendor: | http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=5;filename=strxfrm-leak.patch;att=1;bug=416931 |