Python 2.5.2 and prior

By Security Team on Monday, September 8th, 2008 in Security Notifications | Related Software Packages:

Affected Versions

Python 2.5.2 and earlier versions

Description of issues

Multiple buffer overflow vulnerabilities have been found in Python 2.5.2.

  • Potential integer overflows affect 1. stringobject, 2. unicodeobject, 3. bufferobject, 4. longobject, 5. tupleobject, 6. stropmodule, 7. gcmodule, and 8. mmapmodule modules.
  • Integer overflow in _hashopenssl.c in the hashlib module in Python 2.5.2 and earlier might allow context-dependent attackers to defeat cryptographic digests, related to “partial hashlib hashing of data exceeding 4GB.”
  • Multiple buffer overflows in Python 2.5.2 and earlier on 32-bit platforms allow context-dependent attackers to cause a denial of service crash or have unspecified other impact via a long string that leads to incorrect memory allocation, during Unicode string processing, related to the unicode_resize function and the PyMem_RESIZE macro.
  • Multiple integer overflows affect Python before 2.5.2 through 1. Include/pymem.h; 2. _csv.c, 3. _struct.c, 4. arraymodule.c, 5. audioop.c, 6. binascii.c, 7. cPickle.c, 8. cStringIO.c, 9. cjkcodecs/multibytecodec.c, 10. datetimemodule.c, 11. md5.c, 12. rgbimgmodule.c, and 13. stropmodule.c in Modules/; 14. bufferobject.c, 15. listobject.c, and 16. obmalloc.c in Objects/; 17. Parser/node.c; and 18. asdl.c, 19. ast.c, 20. bltinmodule.c, and 21. compile.c in Python/, as addressed by “checks for integer overflows, contributed by Google.”
  • Multiple integer overflows in the PyOS_vsnprintf function in Python/mysnprintf.c in Python 2.5.2 and earlier allow context-dependent attackers to cause a denial of service memory corruption. or have unspecified other impact via crafted input to string formatting operations. NOTE: the handling of certain integer values is also affected by related integer underflows and an off-by-one error.

Resolution and Availability of Patch

The Python Software Foundation has not yet released a new version to address this issue. When an update becomes available, it will be included in the OLEX Certified Library.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifiers

  • CVE-2008-2315
  • CVE-2008-2316
  • CVE-2008-3142
  • CVE-2008-3143
  • CVE-2008-3144

Security Team

We'll keep you safe. Trust us, that's our job. Even though, contrary to what our Avatar might imply, we're not all linebackers. In fact, some of us are quite petite. And others of us wear high heeled boots. Red. Wondering whether we also know what we're talking about? C'mon -have you read any of these security posts?

Leave a Reply

© 2010 OpenLogic, Inc. | Licensing | Privacy Policy | Terms of Use