CVE-2007-2052
Python 2.5 - 'PyLocale_strxfrm' Remote Information Leak
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Off-by-one error in the PyLocale_strxfrm function in Modules/_localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer size to be used for the strxfrm function, which allows context-dependent attackers to read portions of memory via unknown manipulations that trigger a buffer over-read due to missing null termination.
Error de superación de límite (off-by-one) en la función PyLocale_strxfrm de Modules/_localemodule.c para Python 2.4 y 2.5 provoca que se utilice un tamaño de búfer incorrecto para la función strxfrm, lo cual permite a atacantes locales o remotos dependiendo del contexto leer porciones de memoria mediante manipulaciones desconocidas que disparan una lectura fuera de límite del búfer debido a la falta de una terminación null.
This patch fixes a flaw in how the aacraid SCSI driver checked IOCTL command permissions. This flaw might allow a local user on the service console to cause a denial of service or gain privileges. Alin Rad Pop of Secunia Research found a stack buffer overflow flaw in the way Samba authenticates remote users. A remote unauthenticated user could trigger this flaw to cause the Samba server to crash or to execute arbitrary code with the permissions of the Samba server. Chris Evans of the Google security research team discovered an integer overflow issue with the way Python's Perl-Compatible Regular Expression (PCRE) module handled certain regular expressions. If a Python application used the PCRE module to compile and execute untrusted regular expressions, it might be possible to cause the application to crash, or to execute arbitrary code with the privileges of the Python interpreter.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2007-04-16 CVE Reserved
- 2007-04-16 CVE Published
- 2013-12-04 First Exploit
- 2024-08-07 CVE Updated
- 2025-05-15 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-193: Off-by-one Error
CAPEC
References (41)
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/30018 | 2013-12-04 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.debian.org/security/2008/dsa-1551 | 2023-08-02 | |
| http://www.debian.org/security/2008/dsa-1620 | 2023-08-02 | |
| http://www.mandriva.com/security/advisories?name=MDKSA-2007:099 | 2023-08-02 | |
| http://www.novell.com/linux/security/advisories/2007_13_sr.html | 2023-08-02 | |
| http://www.python.org/download/releases/2.5.1/NEWS.txt | 2023-08-02 | |
| http://www.redhat.com/support/errata/RHSA-2007-1076.html | 2023-08-02 | |
| http://www.redhat.com/support/errata/RHSA-2007-1077.html | 2023-08-02 | |
| http://www.redhat.com/support/errata/RHSA-2008-0629.html | 2023-08-02 | |
| http://www.trustix.org/errata/2007/0019 | 2023-08-02 | |
| http://www.ubuntu.com/usn/usn-585-1 | 2023-08-02 | |
| https://access.redhat.com/security/cve/CVE-2007-2052 | 2009-07-27 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=235093 | 2009-07-27 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Python Search vendor "Python" | Python Search vendor "Python" for product "Python" | 2.4.0 Search vendor "Python" for product "Python" and version "2.4.0" | - |
Affected
| ||||||
| Python Search vendor "Python" | Python Search vendor "Python" for product "Python" | 2.5.0 Search vendor "Python" for product "Python" and version "2.5.0" | - |
Affected
| ||||||