Vulnerability Details : CVE-2008-3143
Multiple integer overflows in Python before 2.5.2 might allow context-dependent attackers to have an unknown impact via vectors related to (1) Include/pymem.h; (2) _csv.c, (3) _struct.c, (4) arraymodule.c, (5) audioop.c, (6) binascii.c, (7) cPickle.c, (8) cStringIO.c, (9) cjkcodecs/multibytecodec.c, (10) datetimemodule.c, (11) md5.c, (12) rgbimgmodule.c, and (13) stropmodule.c in Modules/; (14) bufferobject.c, (15) listobject.c, and (16) obmalloc.c in Objects/; (17) Parser/node.c; and (18) asdl.c, (19) ast.c, (20) bltinmodule.c, and (21) compile.c in Python/, as addressed by "checks for integer overflows, contributed by Google."
Vulnerability category: Overflow
Products affected by CVE-2008-3143
- cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2008-3143
- 1.15%: Probability of exploitation activity in the next 30 days
- ~83%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2008-3143
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
CWE ids for CVE-2008-3143
-
Assigned by: nvd@nist.gov (Primary)
-
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-3143
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:164
  Broken Link; Third Party Advisory
- http://www.securityfocus.com/archive/1/495445/100/0/threaded
  Third Party Advisory; VDB Entry
- http://www.securityfocus.com/bid/30491
  Third Party Advisory; VDB Entry
- http://www.python.org/download/releases/2.5.2/NEWS.txt
  Vendor Advisory
- http://wiki.rpath.com/Advisories:rPSA-2008-0243
  Third Party Advisory
- http://www.vmware.com/security/advisories/VMSA-2009-0016.html
  VMSA-2009-0016.6
  Third Party Advisory
- http://svn.python.org/view?rev=60793&view=rev
  Vendor Advisory
- http://www.vupen.com/english/advisories/2009/3316
  Broken Link; Third Party Advisory
- http://www.vupen.com/english/advisories/2008/2288
  Broken Link; Third Party Advisory
- http://www.debian.org/security/2008/dsa-1667
  Third Party Advisory
- http://www.ubuntu.com/usn/usn-632-1
  Third Party Advisory
- http://security.gentoo.org/glsa/glsa-200807-16.xml
  Broken Link
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7720
  Broken Link
- http://www.python.org/download/releases/2.6/NEWS.txt
  Vendor Advisory
- http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5032900
  Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
  [security-announce] SUSE Security Summary Report SUSE-SR:2008:017 - openSUSE Security Announce - openSUSE Mailing Lists
  Third Party Advisory
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8996
  Broken Link
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:163
  Broken Link; Third Party Advisory
- http://www.securityfocus.com/archive/1/507985/100/0/threaded
  Third Party Advisory; VDB Entry
- http://bugs.gentoo.org/show_bug.cgi?id=232137
  Third Party Advisory