
CVE-2006-4980

python repr unicode buffer overflow

  • Severity Score: 9.8 (CVSS v3)
  • Exploit Likelihood (EPSS):
  • Affected Versions (CPE):
  • Public Exploits: 0 (Multiple Sources)
  • Exploited in Wild: - (KEV)
  • Decision: - (SSVC)

Descriptions

Buffer overflow in the repr function in Python 2.3 through 2.6 before 20060822 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via crafted wide character UTF-32/UCS-4 strings to certain scripts.

*Credits: N/A
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High

  • Attack Vector: Network
  • Attack Complexity: Low
  • Authentication: None
  • Confidentiality: Partial
  • Integrity: Partial
  • Availability: Partial
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2006-09-25 CVE Reserved
  • 2006-10-09 CVE Published
  • 2024-08-07 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
References (42)
URL Tag Source
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=391589 Third Party Advisory
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=208162 Issue Tracking
http://kb.vmware.com/KanisaPlatform/Publishing/882/5120103_f.SAL_Public.html Third Party Advisory
http://secunia.com/advisories/22297 Broken Link
http://secunia.com/advisories/22357 Broken Link
http://secunia.com/advisories/22358 Broken Link
http://secunia.com/advisories/22379 Broken Link
http://secunia.com/advisories/22448 Broken Link
http://secunia.com/advisories/22487 Broken Link
http://secunia.com/advisories/22512 Broken Link
http://secunia.com/advisories/22531 Broken Link
http://secunia.com/advisories/22639 Broken Link
http://secunia.com/advisories/23680 Broken Link
http://secunia.com/advisories/31492 Broken Link
http://securitytracker.com/id?1017019 Third Party Advisory
http://sourceforge.net/tracker/index.php?func=detail&aid=1541585&group_id=5470&atid=305470 Third Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2006-229.htm Third Party Advisory
http://www.securityfocus.com/archive/1/448244/100/100/threaded Mailing List
http://www.securityfocus.com/archive/1/456546/100/200/threaded Mailing List
http://www.securityfocus.com/bid/20376 Third Party Advisory
http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html Third Party Advisory
http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html Third Party Advisory
http://www.vupen.com/english/advisories/2006/3940 Broken Link
http://www.vupen.com/english/advisories/2006/5131 Broken Link
http://zoehep.xent.com/~bsittler/python2.4-2.4.3_unicodeobject.c.diff Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/29408 Broken Link
https://issues.rpath.com/browse/RPL-702 Third Party Advisory
https://launchpad.net/distros/ubuntu/+source/python2.4/+bug/56633 Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10789 Broken Link
Affected Vendors, Products, and Versions
Vendor  Product  Version            Other  Status
Python  Python   < 2.3.6            -      Affected
Python  Python   >= 2.4.0 < 2.4.4   -      Affected