Home - News ( United States | United Kingdom | Italy | Germany ) - Football scores

Showing content from https://python-security.readthedocs.io/vuln/multiple-integer-overflows-google.html below:

Multiple integer overflows (Google) — Python Security 0.0 documentation

Multiple integer overflows in Python before 2.5.2 might allow context-dependent attackers to have an unknown impact via vectors related to:

• Include/pymem.h

• Modules/:

  • _csv.c

  • _struct.c

  • arraymodule.c

  • audioop.c

  • binascii.c

  • cPickle.c

  • cStringIO.c

  • datetimemodule.c

  • md5.c

  • rgbimgmodule.c

  • stropmodule.c

• Modules/cjkcodecs/multibytecodec.c

• Objects/:

  • bufferobject.c

  • listobject.c

  • obmalloc.c

• Parser/node.c

• Python/:

  • asdl.c

  • ast.c

  • bltinmodule.c

  • compile

as addressed by “checks for integer overflows, contributed by Google.”

Dates:

• Disclosure date: 2008-04-11 (Python issue bpo-2620 reported)

• Python 2.5.3 (2008-12-19) fixed by commit 83ac014 (branch 2.5) (2008-07-28)

• Python 2.6.0 (2008-10-01) fixed by commit 0470bab (branch 2.6) (2008-07-22)

• Python 3.0.0 (2008-12-03) fixed by commit d492ad8 (branch 3.1) (2008-07-23)

Multiple buffer overflows in unicode processing.

• Python issue: bpo-2620

• Creation date: 2008-04-11

• Reporter: Justin Ferguson

Multiple integer overflows in Python before 2.5.2 might allow context-dependent attackers to have an unknown impact via vectors related to (1) Include/pymem.h; (2) _csv.c, (3) _struct.c, (4) arraymodule.c, (5) audioop.c, (6) binascii.c, (7) cPickle.c, (8) cStringIO.c, (9) cjkcodecs/multibytecodec.c, (10) datetimemodule.c, (11) md5.c, (12) rgbimgmodule.c, and (13) stropmodule.c in Modules/; (14) bufferobject.c, (15) listobject.c, and (16) obmalloc.c in Objects/; (17) Parser/node.c; and (18) asdl.c, (19) ast.c, (20) bltinmodule.c, and (21) compile.c in Python/, as addressed by “checks for integer overflows, contributed by Google.”

• CVE ID: CVE-2008-3143

• Published: 2008-08-01

• CVSS Score: 7.5

Timeline using the disclosure date 2008-04-11 as reference:

• 2008-04-11: Python issue bpo-2620 reported by Justin Ferguson

• 2008-07-22 (+102 days): commit 0470bab (branch 2.6)

• 2008-07-23 (+103 days): commit d492ad8 (branch 3.1)

• 2008-07-28 (+108 days): commit 83ac014 (branch 2.5)

• 2008-08-01 (+112 days): CVE-2008-3143 published

• 2008-10-01: Python 2.6.0 released

• 2008-12-03: Python 3.0.0 released

• 2008-12-19 (+252 days): Python 2.5.3 released

RetroSearch is an open source project built by @garambo | Open a GitHub Issue

Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo

HTML: 3.2 | Encoding: UTF-8 | Version: 0.7.4