Your submission was sent successfully! Close

CVE-2008-1887

Published: 18 April 2008

Python 2.5.2 and earlier allows context-dependent attackers to execute arbitrary code via multiple vectors that cause a negative size value to be provided to the PyString_FromStringAndSize function, which allocates less memory than expected when assert() is disabled and triggers a buffer overflow.

Priority

Medium

Status

Package Release Status
python2.4
Launchpad, Ubuntu, Debian
dapper
Released (2.4.3-0ubuntu6.2)
feisty
Released (2.4.4-2ubuntu7.2)
gutsy
Released (2.4.4-6ubuntu4.2)
hardy Not vulnerable

upstream Needs triage

python2.5
Launchpad, Ubuntu, Debian
dapper Does not exist

feisty
Released (2.5.1-0ubuntu1.2)
gutsy
Released (2.5.1-5ubuntu5.2)
hardy Not vulnerable

upstream Needs triage