CVE-2008-3144 – python: Potential integer underflow and overflow in the PyOS_vsnprintf C API function
https://notcve.org/view.php?id=CVE-2008-3144
Multiple integer overflows in the PyOS_vsnprintf function in Python/mysnprintf.c in Python 2.5.2 and earlier allow context-dependent attackers to cause a denial of service (memory corruption) or have unspecified other impact via crafted input to string formatting operations. NOTE: the handling of certain integer values is also affected by related integer underflows and an off-by-one error. Múltiples desbordamientos de enterod en la función PyOS_vsnprintf en Python/mysnprintf.c en Python 2.5.2 y anteriores. Permite a atacantes dependientes de contexto causar denegación de servicio (corrupción de la memoria) o tiene otro impacto no especificado a través de entradas manipuladas a operaciones de formateo de cadenas de caracteres. NOTA: el manejo de ciertos valores de enteros está también influenciado por desbordamientos inferiores de enteros relacionados y un error de superación del límite (off-by-one). • http://bugs.gentoo.org/show_bug.cgi?id=232137 http://bugs.python.org/issue2588 http://bugs.python.org/issue2589 http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html http://secunia.com/advisories/31305 http://secunia.com/advisories/31332 http://secunia.com/advisories/31358 http://secunia.com/advisories/31365 http://secunia.com/advisories/31473 http://secunia.com/advisories/31518 http • CWE-190: Integer Overflow or Wraparound •
CVE-2008-1679 – python: imageop module integer overflows
https://notcve.org/view.php?id=CVE-2008-1679
Multiple integer overflows in imageop.c in Python before 2.5.3 allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted images that trigger heap-based buffer overflows. NOTE: this issue is due to an incomplete fix for CVE-2007-4965. Múltiples desbordamientos de entero en imageop.c de Python versiones anteriores a 2.5.3 permiten a atacantes dependientes de contexto provocar una denegación de servicio (caída) y posiblemente ejecutar código de su elección a través de imágenes manipuladas que disparan desbordamientos de búfer basado en montículo. NOTA: esta cuestión es debida a una corrección incompleta para CVE-2007-4965. • http://bugs.python.org/issue1179 http://bugs.python.org/msg64682 http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html http://secunia.com/advisories/29889 http://secunia.com/advisories/29955 http://secunia.com/advisories/30872 http://secunia.com/advisories/31255 http://secunia.com/advisories/31358 http://secunia.com/advisories/31365 http://secunia.com/advisories/31518 http://secunia. • CWE-190: Integer Overflow or Wraparound •
CVE-2008-1887 – python: PyString_FromStringAndSize does not check for negative size values
https://notcve.org/view.php?id=CVE-2008-1887
Python 2.5.2 and earlier allows context-dependent attackers to execute arbitrary code via multiple vectors that cause a negative size value to be provided to the PyString_FromStringAndSize function, which allocates less memory than expected when assert() is disabled and triggers a buffer overflow. Python versión 2.5.2 y anteriores, permite a los atacantes dependiendo del contexto ejecutar código arbitrario por medio de varios vectores que causan que se proporcione un valor de tamaño negativo a la función PyString_FromStringAndSize, que asigna menos memoria de la esperada cuando assert() está deshabilitado y desencadena un desbordamiento de búfer. • http://bugs.python.org/issue2587 http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html http://secunia.com/advisories/29889 http://secunia.com/advisories/30872 http://secunia.com/advisories/31255 http://secunia.com/advisories/31365 http://secunia.com/advisories/31518 http://secunia.com/advisories/31687 http://secunia.com/advisories/33937 http://secunia.com/advisories/37471 http://securit • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2008-1721 – Python zlib Module - Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2008-1721
Integer signedness error in the zlib extension module in Python 2.5.2 and earlier allows remote attackers to execute arbitrary code via a negative signed integer, which triggers insufficient memory allocation and a buffer overflow. Error de signo en entero en el módulo de extensión zlib en Python 2.5.2 y anteriores, permite a atacantes remotos ejecutar código de su elección a través de un entero negativo, lo que provoca una asignación insuficiente de memoria y un desbordamiento de búfer. • https://www.exploit-db.com/exploits/31634 http://bugs.python.org/issue2586 http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html http://secunia.com/advisories/29889 http://secunia.com/advisories/29955 http://secunia.com/advisories/30872 http://secunia.com/advisories/31255 http://secunia.com/advisories/31358 http://secunia.com/advisories/31365 http://secunia.com/advisories/33937 http://secunia.com/advisories/37471 http://secunia.com/advisories/38675 http:& • CWE-681: Incorrect Conversion between Numeric Types •
CVE-2007-4965 – Python 2.2 ImageOP Module - Multiple Integer Overflow Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-4965
Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows. Múltiples desbordamientos de entero en el módulo imageop de Python 2.5.1 y anteriores permiten a atacantes locales o remotos (dependiendo del contexto) provocar una denegación de servicio (caída de aplicación) y posiblemente obtener información sensible (contenidos de memoria) mediante argumentos manipulados para (1) el método tovideo, y otros vectores no especificados relacionados con (2) imageop.c, (3) rbgimgmodule.c, y otros archivos, que disparan desbordamientos de búfer basado en montículo. • https://www.exploit-db.com/exploits/30592 http://bugs.gentoo.org/show_bug.cgi?id=192876 http://docs.info.apple.com/article.html?artnum=307179 http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065826.html http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html http://lists.vmware.com/pipermail/security-announce& • CWE-190: Integer Overflow or Wraparound •