CVE-2008-5031

{"id": "CVE-2008-5031", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2008-11-10T16:15:12.140", "references": [{"url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html", "source": "cve@mitre.org"}, {"url": "http://scary.beasts.org/security/CESA-2008-008.html", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/33937", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/35750", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/37471", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://security.gentoo.org/glsa/glsa-200907-16.xml", "source": "cve@mitre.org"}, {"url": "http://support.apple.com/kb/HT3438", "source": "cve@mitre.org"}, {"url": "http://svn.python.org/view/python/trunk/Objects/stringobject.c?rev=61350&view=diff&r1=61350&r2=61349&p1=python/trunk/Objects/stringobject.c&p2=/python/trunk/Objects/stringobject.c", "source": "cve@mitre.org"}, {"url": "http://svn.python.org/view/python/trunk/Objects/unicodeobject.c?rev=61350&view=diff&r1=61350&r2=61349&p1=python/trunk/Objects/unicodeobject.c&p2=/python/trunk/Objects/unicodeobject.c", "source": "cve@mitre.org"}, {"url": "http://svn.python.org/view?rev=61350&view=rev", "source": "cve@mitre.org"}, {"url": "http://www.openwall.com/lists/oss-security/2008/11/05/2", "source": "cve@mitre.org"}, {"url": "http://www.openwall.com/lists/oss-security/2008/11/05/3", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2009/3316", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46612", "source": "cve@mitre.org"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11280", "source": "cve@mitre.org"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8564", "source": "cve@mitre.org"}, {"url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://scary.beasts.org/security/CESA-2008-008.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/33937", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/35750", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/37471", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://security.gentoo.org/glsa/glsa-200907-16.xml", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://support.apple.com/kb/HT3438", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://svn.python.org/view/python/trunk/Objects/stringobject.c?rev=61350&view=diff&r1=61350&r2=61349&p1=python/trunk/Objects/stringobject.c&p2=/python/trunk/Objects/stringobject.c", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://svn.python.org/view/python/trunk/Objects/unicodeobject.c?rev=61350&view=diff&r1=61350&r2=61349&p1=python/trunk/Objects/unicodeobject.c&p2=/python/trunk/Objects/unicodeobject.c", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://svn.python.org/view?rev=61350&view=rev", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.openwall.com/lists/oss-security/2008/11/05/2", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.openwall.com/lists/oss-security/2008/11/05/3", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2009/3316", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46612", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11280", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8564", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-189"}]}], "descriptions": [{"lang": "en", "value": "Multiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6, allow context-dependent attackers to have an unknown impact via a large integer value in the tabsize argument to the expandtabs method, as implemented by (1) the string_expandtabs function in Objects/stringobject.c and (2) the unicode_expandtabs function in Objects/unicodeobject.c.  NOTE: this vulnerability reportedly exists because of an incomplete fix for CVE-2008-2315."}, {"lang": "es", "value": "M\u00faltiples desbordamientos de enteros en Python versiones 2.2.3 hasta 2.5.1 y 2.6, permiten a los atacantes dependiendo del contexto tener un impacto desconocido por medio de un valor entero largo en el argumento tabsize para el m\u00e9todo expandtabs, tal y como es implementado por ( 1) la funci\u00f3n string_expandtabs en el archivo Objects/stringobject.c y (2) la funci\u00f3n unicode_expandtabs en el archivo Objects/unicodeobject.c. NOTA: esta vulnerabilidad se presenta debido a una correcci\u00f3n incompleta para el CVE-2008-2315."}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:python:python:2.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "569FAD3A-17DF-424A-AF93-B0720D48D6B6"}, {"criteria": "cpe:2.3:a:python:python:2.3.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "02839080-EFB1-4F63-9D4E-45E26D82ECF5"}, {"criteria": "cpe:2.3:a:python:python:2.4.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "87B6E723-EC9D-44EF-9DB8-8A229E0ABBB5"}, {"criteria": "cpe:2.3:a:python:python:2.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "12D3CD4F-0C58-46F4-939D-FDF19BC98729"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}