CVE-2008-1887
Published: 18 April 2008
Python 2.5.2 and earlier allows context-dependent attackers to execute arbitrary code via multiple vectors that cause a negative size value to be provided to the PyString_FromStringAndSize function, which allocates less memory than expected when assert() is disabled and triggers a buffer overflow.
Priority
Status
Package | Release | Status |
---|---|---|
python2.4 | dapper | Released (2.4.3-0ubuntu6.2) |
python2.4 | feisty | Released (2.4.4-2ubuntu7.2) |
python2.4 | gutsy | Released (2.4.4-6ubuntu4.2) |
python2.4 | hardy | Not vulnerable |
python2.4 | upstream | Needs triage |
python2.5 | dapper | Does not exist |
python2.5 | feisty | Released (2.5.1-0ubuntu1.2) |
python2.5 | gutsy | Released (2.5.1-5ubuntu5.2) |
python2.5 | hardy | Not vulnerable |
python2.5 | upstream | Needs triage |

Patches (python2.4): vendor: http://www.debian.org/security/2008/dsa-1551