NVD Vulnerability Detail

CVE-2007-2052

Summary	Off-by-one error in the PyLocale_strxfrm function in Modules/_localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer size to be used for the strxfrm function, which allows context-dependent attackers to read portions of memory via unknown manipulations that trigger a buffer over-read due to missing null termination.
Summary	Error de superación de límite (off-by-one) en la función PyLocale_strxfrm de Modules/_localemodule.c para Python 2.4 y 2.5 provoca que se utilice un tamaño de búfer incorrecto para la función strxfrm, lo cual permite a atacantes locales o remotos dependiendo del contexto leer porciones de memoria mediante manipulaciones desconocidas que disparan una lectura fuera de límite del búfer debido a la falta de una terminación null.
Publication Date	April 17, 2007, 7:19 a.m.
Registration Date	Jan. 29, 2021, 2:10 p.m.
Last Update	April 23, 2026, 9:35 a.m.

CVSS2.0 : MEDIUM
Score	5.0
Vector	AV:N/AC:L/Au:N/C:P/I:N/A:N
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	低
完全性への影響(I)	なし
可用性への影響(A)	なし
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:python:python:2.4.0:::::::*
cpe:2.3:a:python:python:2.5.0:::::::*

Related information, measures and tools

No	URL	refsource
1	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=416934	cve@mitre.org
2	http://lists.vmware.com/pipermail/security-announce/2008/000005.html	cve@mitre.org
3	http://secunia.com/advisories/25190	cve@mitre.org
4	http://secunia.com/advisories/25217	cve@mitre.org
5	http://secunia.com/advisories/25233	cve@mitre.org
6	http://secunia.com/advisories/25353	cve@mitre.org
7	http://secunia.com/advisories/25787	cve@mitre.org
8	http://secunia.com/advisories/28027	cve@mitre.org
9	http://secunia.com/advisories/28050	cve@mitre.org
10	http://secunia.com/advisories/29032	cve@mitre.org
11	http://secunia.com/advisories/29303	cve@mitre.org
12	http://secunia.com/advisories/29889	cve@mitre.org
13	http://secunia.com/advisories/31255	cve@mitre.org
14	http://secunia.com/advisories/31492	cve@mitre.org
15	http://secunia.com/advisories/37471	cve@mitre.org
16	http://www.debian.org/security/2008/dsa-1551	cve@mitre.org
17	http://www.debian.org/security/2008/dsa-1620	cve@mitre.org
18	http://www.mandriva.com/security/advisories?name=MDKSA-2007:099	cve@mitre.org
19	http://www.novell.com/linux/security/advisories/2007_13_sr.html	cve@mitre.org
20	http://www.python.org/download/releases/2.5.1/NEWS.txt	cve@mitre.org
21	http://www.redhat.com/support/errata/RHSA-2007-1076.html	cve@mitre.org
22	http://www.redhat.com/support/errata/RHSA-2007-1077.html	cve@mitre.org
23	http://www.redhat.com/support/errata/RHSA-2008-0629.html	cve@mitre.org
24	http://www.securityfocus.com/archive/1/469294/30/6450/threaded	cve@mitre.org
25	http://www.securityfocus.com/archive/1/488457/100/0/threaded	cve@mitre.org
26	http://www.securityfocus.com/archive/1/507985/100/0/threaded	cve@mitre.org
27	http://www.securityfocus.com/bid/23887	cve@mitre.org
28	http://www.trustix.org/errata/2007/0019/	cve@mitre.org
29	http://www.ubuntu.com/usn/usn-585-1	cve@mitre.org
30	http://www.vmware.com/security/advisories/VMSA-2009-0016.html	cve@mitre.org
31	http://www.vupen.com/english/advisories/2007/1465	cve@mitre.org
32	http://www.vupen.com/english/advisories/2008/0637	cve@mitre.org
33	http://www.vupen.com/english/advisories/2009/3316	cve@mitre.org
34	https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235093	cve@mitre.org
35	https://exchange.xforce.ibmcloud.com/vulnerabilities/34060	cve@mitre.org
36	https://issues.rpath.com/browse/RPL-1358	cve@mitre.org
37	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11716	cve@mitre.org
38	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8353	cve@mitre.org
39	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=416934	af854a3a-2127-422b-91ae-364da2661108
40	http://lists.vmware.com/pipermail/security-announce/2008/000005.html	af854a3a-2127-422b-91ae-364da2661108
41	http://secunia.com/advisories/25190	af854a3a-2127-422b-91ae-364da2661108
42	http://secunia.com/advisories/25217	af854a3a-2127-422b-91ae-364da2661108
43	http://secunia.com/advisories/25233	af854a3a-2127-422b-91ae-364da2661108
44	http://secunia.com/advisories/25353	af854a3a-2127-422b-91ae-364da2661108
45	http://secunia.com/advisories/25787	af854a3a-2127-422b-91ae-364da2661108
46	http://secunia.com/advisories/28027	af854a3a-2127-422b-91ae-364da2661108
47	http://secunia.com/advisories/28050	af854a3a-2127-422b-91ae-364da2661108
48	http://secunia.com/advisories/29032	af854a3a-2127-422b-91ae-364da2661108
49	http://secunia.com/advisories/29303	af854a3a-2127-422b-91ae-364da2661108
50	http://secunia.com/advisories/29889	af854a3a-2127-422b-91ae-364da2661108
51	http://secunia.com/advisories/31255	af854a3a-2127-422b-91ae-364da2661108
52	http://secunia.com/advisories/31492	af854a3a-2127-422b-91ae-364da2661108
53	http://secunia.com/advisories/37471	af854a3a-2127-422b-91ae-364da2661108
54	http://www.debian.org/security/2008/dsa-1551	af854a3a-2127-422b-91ae-364da2661108
55	http://www.debian.org/security/2008/dsa-1620	af854a3a-2127-422b-91ae-364da2661108
56	http://www.mandriva.com/security/advisories?name=MDKSA-2007:099	af854a3a-2127-422b-91ae-364da2661108
57	http://www.novell.com/linux/security/advisories/2007_13_sr.html	af854a3a-2127-422b-91ae-364da2661108
58	http://www.python.org/download/releases/2.5.1/NEWS.txt	af854a3a-2127-422b-91ae-364da2661108
59	http://www.redhat.com/support/errata/RHSA-2007-1076.html	af854a3a-2127-422b-91ae-364da2661108
60	http://www.redhat.com/support/errata/RHSA-2007-1077.html	af854a3a-2127-422b-91ae-364da2661108
61	http://www.redhat.com/support/errata/RHSA-2008-0629.html	af854a3a-2127-422b-91ae-364da2661108
62	http://www.securityfocus.com/archive/1/469294/30/6450/threaded	af854a3a-2127-422b-91ae-364da2661108
63	http://www.securityfocus.com/archive/1/488457/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
64	http://www.securityfocus.com/archive/1/507985/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
65	http://www.securityfocus.com/bid/23887	af854a3a-2127-422b-91ae-364da2661108
66	http://www.trustix.org/errata/2007/0019/	af854a3a-2127-422b-91ae-364da2661108
67	http://www.ubuntu.com/usn/usn-585-1	af854a3a-2127-422b-91ae-364da2661108
68	http://www.vmware.com/security/advisories/VMSA-2009-0016.html	af854a3a-2127-422b-91ae-364da2661108
69	http://www.vupen.com/english/advisories/2007/1465	af854a3a-2127-422b-91ae-364da2661108
70	http://www.vupen.com/english/advisories/2008/0637	af854a3a-2127-422b-91ae-364da2661108
71	http://www.vupen.com/english/advisories/2009/3316	af854a3a-2127-422b-91ae-364da2661108
72	https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235093	af854a3a-2127-422b-91ae-364da2661108
73	https://exchange.xforce.ibmcloud.com/vulnerabilities/34060	af854a3a-2127-422b-91ae-364da2661108
74	https://issues.rpath.com/browse/RPL-1358	af854a3a-2127-422b-91ae-364da2661108
75	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11716	af854a3a-2127-422b-91ae-364da2661108
76	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8353	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-193	境界条件の判定	https://cwe.mitre.org/data/definitions/193.html