- Description
- Multiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6, allow context-dependent attackers to have an unknown impact via a large integer value in the tabsize argument to the expandtabs method, as implemented by (1) the string_expandtabs function in Objects/stringobject.c and (2) the unicode_expandtabs function in Objects/unicodeobject.c. NOTE: this vulnerability reportedly exists because of an incomplete fix for CVE-2008-2315.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 10
- Impact score
- 10
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:C/I:C/A:C
- nvd@nist.gov
- CWE-189
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:python:python:2.2.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "569FAD3A-17DF-424A-AF93-B0720D48D6B6"
},
{
"criteria": "cpe:2.3:a:python:python:2.3.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "02839080-EFB1-4F63-9D4E-45E26D82ECF5"
},
{
"criteria": "cpe:2.3:a:python:python:2.4.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "87B6E723-EC9D-44EF-9DB8-8A229E0ABBB5"
},
{
"criteria": "cpe:2.3:a:python:python:2.5.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "12D3CD4F-0C58-46F4-939D-FDF19BC98729"
}
],
"operator": "OR"
}
]
}
]