Page 10 of 56 results (0.021 seconds)

CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 1

CVE-2008-3144 – python: Potential integer underflow and overflow in the PyOS_vsnprintf C API function

https://notcve.org/view.php?id=CVE-2008-3144

Multiple integer overflows in the PyOS_vsnprintf function in Python/mysnprintf.c in Python 2.5.2 and earlier allow context-dependent attackers to cause a denial of service (memory corruption) or have unspecified other impact via crafted input to string formatting operations. NOTE: the handling of certain integer values is also affected by related integer underflows and an off-by-one error. Múltiples desbordamientos de enterod en la función PyOS_vsnprintf en Python/mysnprintf.c en Python 2.5.2 y anteriores. Permite a atacantes dependientes de contexto causar denegación de servicio (corrupción de la memoria) o tiene otro impacto no especificado a través de entradas manipuladas a operaciones de formateo de cadenas de caracteres. NOTA: el manejo de ciertos valores de enteros está también influenciado por desbordamientos inferiores de enteros relacionados y un error de superación del límite (off-by-one). • http://bugs.gentoo.org/show_bug.cgi?id=232137 http://bugs.python.org/issue2588 http://bugs.python.org/issue2589 http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html http://secunia.com/advisories/31305 http://secunia.com/advisories/31332 http://secunia.com/advisories/31358 http://secunia.com/advisories/31365 http://secunia.com/advisories/31473 http://secunia.com/advisories/31518 http • CWE-190: Integer Overflow or Wraparound •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

CVE-2008-2315 – python: Multiple integer overflows in python core

https://notcve.org/view.php?id=CVE-2008-2315

Multiple integer overflows in Python 2.5.2 and earlier allow context-dependent attackers to have an unknown impact via vectors related to the (1) stringobject, (2) unicodeobject, (3) bufferobject, (4) longobject, (5) tupleobject, (6) stropmodule, (7) gcmodule, and (8) mmapmodule modules. NOTE: The expandtabs integer overflows in stringobject and unicodeobject in 2.5.2 are covered by CVE-2008-5031. Múltiples desbordamientos de enteros en Python 2.5.2 y anteriores. Permite a atacantes dependientes de contexto a tener un impacto desconocido a través de vectores relacionados con el (1) stringobject, (2) unicodeobject, (3) bufferobject, (4) longobject, (5) tupleobject, y los módulos (6) stropmodule, (7) gcmodule, and (8) mmapmodule. • http://bugs.gentoo.org/attachment.cgi?id=159418&action=view http://bugs.gentoo.org/show_bug.cgi?id=230640 http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html http://secunia.com/advisories/31305 http://secunia.com/advisories/31332 http://secunia.com/advisories/31358 http://secunia.com/advisories/31365 http://secunia.com/advisories/31518 http://secunia.com/advisories/31687 http://sec • CWE-190: Integer Overflow or Wraparound •

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2008-1679 – python: imageop module integer overflows

https://notcve.org/view.php?id=CVE-2008-1679

Multiple integer overflows in imageop.c in Python before 2.5.3 allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted images that trigger heap-based buffer overflows. NOTE: this issue is due to an incomplete fix for CVE-2007-4965. Múltiples desbordamientos de entero en imageop.c de Python versiones anteriores a 2.5.3 permiten a atacantes dependientes de contexto provocar una denegación de servicio (caída) y posiblemente ejecutar código de su elección a través de imágenes manipuladas que disparan desbordamientos de búfer basado en montículo. NOTA: esta cuestión es debida a una corrección incompleta para CVE-2007-4965. • http://bugs.python.org/issue1179 http://bugs.python.org/msg64682 http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html http://secunia.com/advisories/29889 http://secunia.com/advisories/29955 http://secunia.com/advisories/30872 http://secunia.com/advisories/31255 http://secunia.com/advisories/31358 http://secunia.com/advisories/31365 http://secunia.com/advisories/31518 http://secunia. • CWE-190: Integer Overflow or Wraparound •

CVSS: 9.3EPSS: 0%CPEs: 6EXPL: 2

CVE-2008-1887 – python: PyString_FromStringAndSize does not check for negative size values

https://notcve.org/view.php?id=CVE-2008-1887

Python 2.5.2 and earlier allows context-dependent attackers to execute arbitrary code via multiple vectors that cause a negative size value to be provided to the PyString_FromStringAndSize function, which allocates less memory than expected when assert() is disabled and triggers a buffer overflow. Python versión 2.5.2 y anteriores, permite a los atacantes dependiendo del contexto ejecutar código arbitrario por medio de varios vectores que causan que se proporcione un valor de tamaño negativo a la función PyString_FromStringAndSize, que asigna menos memoria de la esperada cuando assert() está deshabilitado y desencadena un desbordamiento de búfer. • http://bugs.python.org/issue2587 http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html http://secunia.com/advisories/29889 http://secunia.com/advisories/30872 http://secunia.com/advisories/31255 http://secunia.com/advisories/31365 http://secunia.com/advisories/31518 http://secunia.com/advisories/31687 http://secunia.com/advisories/33937 http://secunia.com/advisories/37471 http://securit • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 7.5EPSS: 10%CPEs: 7EXPL: 2

CVE-2008-1721 – Python zlib Module - Remote Buffer Overflow

https://notcve.org/view.php?id=CVE-2008-1721

Integer signedness error in the zlib extension module in Python 2.5.2 and earlier allows remote attackers to execute arbitrary code via a negative signed integer, which triggers insufficient memory allocation and a buffer overflow. Error de signo en entero en el módulo de extensión zlib en Python 2.5.2 y anteriores, permite a atacantes remotos ejecutar código de su elección a través de un entero negativo, lo que provoca una asignación insuficiente de memoria y un desbordamiento de búfer. • https://www.exploit-db.com/exploits/31634 http://bugs.python.org/issue2586 http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html http://secunia.com/advisories/29889 http://secunia.com/advisories/29955 http://secunia.com/advisories/30872 http://secunia.com/advisories/31255 http://secunia.com/advisories/31358 http://secunia.com/advisories/31365 http://secunia.com/advisories/33937 http://secunia.com/advisories/37471 http://secunia.com/advisories/38675 http:& • CWE-681: Incorrect Conversion between Numeric Types •