NVD Vulnerability Detail

CVE-2008-2315

Summary	Multiple integer overflows in Python 2.5.2 and earlier allow context-dependent attackers to have an unknown impact via vectors related to the (1) stringobject, (2) unicodeobject, (3) bufferobject, (4) longobject, (5) tupleobject, (6) stropmodule, (7) gcmodule, and (8) mmapmodule modules. NOTE: The expandtabs integer overflows in stringobject and unicodeobject in 2.5.2 are covered by CVE-2008-5031.
Summary	Múltiples desbordamientos de enteros en Python 2.5.2 y anteriores. Permite a atacantes dependientes de contexto a tener un impacto desconocido a través de vectores relacionados con el (1) stringobject, (2) unicodeobject, (3) bufferobject, (4) longobject, (5) tupleobject, y los módulos (6) stropmodule, (7) gcmodule, and (8) mmapmodule.
Publication Date	Aug. 1, 2008, 11:41 p.m.
Registration Date	Jan. 29, 2021, 1:36 p.m.
Last Update	April 23, 2026, 9:35 a.m.

CVSS2.0 : HIGH
Score	7.5
Vector	AV:N/AC:L/Au:N/C:P/I:P/A:P
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	低
完全性への影響(I)	低
可用性への影響(A)	低
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:python:python::::::::			2.5.2

Related information, measures and tools

No	URL	refsource
1	http://bugs.gentoo.org/attachment.cgi?id=159418&action=view	cve@mitre.org
2	http://bugs.gentoo.org/show_bug.cgi?id=230640	cve@mitre.org
3	http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html	cve@mitre.org
4	http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html	cve@mitre.org
5	http://secunia.com/advisories/31305	cve@mitre.org
6	http://secunia.com/advisories/31332	cve@mitre.org
7	http://secunia.com/advisories/31358	cve@mitre.org
8	http://secunia.com/advisories/31365	cve@mitre.org
9	http://secunia.com/advisories/31518	cve@mitre.org
10	http://secunia.com/advisories/31687	cve@mitre.org
11	http://secunia.com/advisories/32793	cve@mitre.org
12	http://secunia.com/advisories/33937	cve@mitre.org
13	http://secunia.com/advisories/37471	cve@mitre.org
14	http://secunia.com/advisories/38675	cve@mitre.org
15	http://security.gentoo.org/glsa/glsa-200807-16.xml	cve@mitre.org
16	http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.525289	cve@mitre.org
17	http://support.apple.com/kb/HT3438	cve@mitre.org
18	http://support.avaya.com/css/P8/documents/100074697	cve@mitre.org
19	http://www.debian.org/security/2008/dsa-1667	cve@mitre.org
20	http://www.mandriva.com/security/advisories?name=MDVSA-2008:163	cve@mitre.org
21	http://www.mandriva.com/security/advisories?name=MDVSA-2008:164	cve@mitre.org
22	http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5032900	cve@mitre.org
23	http://www.openwall.com/lists/oss-security/2008/11/05/2	cve@mitre.org
24	http://www.openwall.com/lists/oss-security/2008/11/05/3	cve@mitre.org
25	http://www.securityfocus.com/archive/1/507985/100/0/threaded	cve@mitre.org
26	http://www.securityfocus.com/bid/30491	cve@mitre.org
27	http://www.ubuntu.com/usn/usn-632-1	cve@mitre.org
28	http://www.vmware.com/security/advisories/VMSA-2009-0016.html	cve@mitre.org
29	http://www.vupen.com/english/advisories/2008/2288	cve@mitre.org
30	http://www.vupen.com/english/advisories/2009/3316	cve@mitre.org
31	https://exchange.xforce.ibmcloud.com/vulnerabilities/44172	cve@mitre.org
32	https://exchange.xforce.ibmcloud.com/vulnerabilities/44173	cve@mitre.org
33	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8445	cve@mitre.org
34	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8683	cve@mitre.org
35	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9761	cve@mitre.org
36	http://bugs.gentoo.org/attachment.cgi?id=159418&action=view	af854a3a-2127-422b-91ae-364da2661108
37	http://bugs.gentoo.org/show_bug.cgi?id=230640	af854a3a-2127-422b-91ae-364da2661108
38	http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html	af854a3a-2127-422b-91ae-364da2661108
39	http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html	af854a3a-2127-422b-91ae-364da2661108
40	http://secunia.com/advisories/31305	af854a3a-2127-422b-91ae-364da2661108
41	http://secunia.com/advisories/31332	af854a3a-2127-422b-91ae-364da2661108
42	http://secunia.com/advisories/31358	af854a3a-2127-422b-91ae-364da2661108
43	http://secunia.com/advisories/31365	af854a3a-2127-422b-91ae-364da2661108
44	http://secunia.com/advisories/31518	af854a3a-2127-422b-91ae-364da2661108
45	http://secunia.com/advisories/31687	af854a3a-2127-422b-91ae-364da2661108
46	http://secunia.com/advisories/32793	af854a3a-2127-422b-91ae-364da2661108
47	http://secunia.com/advisories/33937	af854a3a-2127-422b-91ae-364da2661108
48	http://secunia.com/advisories/37471	af854a3a-2127-422b-91ae-364da2661108
49	http://secunia.com/advisories/38675	af854a3a-2127-422b-91ae-364da2661108
50	http://security.gentoo.org/glsa/glsa-200807-16.xml	af854a3a-2127-422b-91ae-364da2661108
51	http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.525289	af854a3a-2127-422b-91ae-364da2661108
52	http://support.apple.com/kb/HT3438	af854a3a-2127-422b-91ae-364da2661108
53	http://support.avaya.com/css/P8/documents/100074697	af854a3a-2127-422b-91ae-364da2661108
54	http://www.debian.org/security/2008/dsa-1667	af854a3a-2127-422b-91ae-364da2661108
55	http://www.mandriva.com/security/advisories?name=MDVSA-2008:163	af854a3a-2127-422b-91ae-364da2661108
56	http://www.mandriva.com/security/advisories?name=MDVSA-2008:164	af854a3a-2127-422b-91ae-364da2661108
57	http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5032900	af854a3a-2127-422b-91ae-364da2661108
58	http://www.openwall.com/lists/oss-security/2008/11/05/2	af854a3a-2127-422b-91ae-364da2661108
59	http://www.openwall.com/lists/oss-security/2008/11/05/3	af854a3a-2127-422b-91ae-364da2661108
60	http://www.securityfocus.com/archive/1/507985/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
61	http://www.securityfocus.com/bid/30491	af854a3a-2127-422b-91ae-364da2661108
62	http://www.ubuntu.com/usn/usn-632-1	af854a3a-2127-422b-91ae-364da2661108
63	http://www.vmware.com/security/advisories/VMSA-2009-0016.html	af854a3a-2127-422b-91ae-364da2661108
64	http://www.vupen.com/english/advisories/2008/2288	af854a3a-2127-422b-91ae-364da2661108
65	http://www.vupen.com/english/advisories/2009/3316	af854a3a-2127-422b-91ae-364da2661108
66	https://exchange.xforce.ibmcloud.com/vulnerabilities/44172	af854a3a-2127-422b-91ae-364da2661108
67	https://exchange.xforce.ibmcloud.com/vulnerabilities/44173	af854a3a-2127-422b-91ae-364da2661108
68	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8445	af854a3a-2127-422b-91ae-364da2661108
69	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8683	af854a3a-2127-422b-91ae-364da2661108
70	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9761	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-190	整数オーバーフローまたはラップアラウンド	https://cwe.mitre.org/data/definitions/190.html

JVN Vulnerability Information

Python における整数オーバーフローの脆弱性

Title	Python における整数オーバーフローの脆弱性
Summary	Python には、stringobject、unicodeobject、bufferobject、longobject、tupleobject、stropmodule、gcmodule、mmapmodule モジュールに関連する整数オーバーフローの脆弱性が存在します。
Possible impacts	この脆弱性による影響の詳細は不明です。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Aug. 1, 2008, midnight
Registration Date	March 17, 2009, 12:05 p.m.
Last Update	Jan. 19, 2010, 3:48 p.m.

Affected System

サン・マイクロシステムズ

OpenSolaris (sparc)

OpenSolaris (x86)

Sun Solaris 10 (sparc)

Sun Solaris 10 (x86)

レッドハット

Red Hat Enterprise Linux 3 (as)

Red Hat Enterprise Linux 3 (es)

Red Hat Enterprise Linux 3 (ws)

Red Hat Enterprise Linux 4 (as)

Red Hat Enterprise Linux 4 (es)

Red Hat Enterprise Linux 4 (ws)

Red Hat Enterprise Linux 4.8 (as)

Red Hat Enterprise Linux 4.8 (es)

Red Hat Enterprise Linux 5 (server)

Red Hat Enterprise Linux Desktop 3.0

Red Hat Enterprise Linux Desktop 4.0

Red Hat Enterprise Linux Desktop 5.0 (client)

Red Hat Enterprise Linux EUS 5.3.z (server)

RHEL Desktop Workstation 5 (client)

サイバートラスト株式会社

Asianux Server 3 (x86)

Asianux Server 3 (x86-64)

Asianux Server 4.0

Asianux Server 4.0 (x86-64)

アップル

Apple Mac OS X v10.4.11

Apple Mac OS X v10.5.6

Apple Mac OS X Server v10.4.11

Apple Mac OS X Server v10.5.6

Python Software Foundation

Python 2.5.2 およびそれ以前

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2008-2315	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2315
National Vulnerability Database (NVD)
2	CVE-2008-2315	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2315

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-189	https://jvndb.jvn.jp/ja/cwe/CWE-189.html

ベンダー情報

No	Name	URL
Apple Security Updates
1	HT3438	http://support.apple.com/kb/HT3438
Apple セキュリティアップデート
2	HT3438	http://support.apple.com/kb/HT3438?viewlocale=ja_JP
Asianux Technical Support Network
3	python-2.4.3-24.6.1AXS3	https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=726
MIRACLE LINUX アップデート情報
4	1757	http://www.miraclelinux.com/support/index.php?q=node/99&errata_id=1757
Python
5	Top Page	http://www.python.org/
Red Hat Security Advisory
6	RHSA-2009:1176	https://rhn.redhat.com/errata/RHSA-2009-1176.html
7	RHSA-2009:1177	https://rhn.redhat.com/errata/RHSA-2009-1177.html
8	RHSA-2009:1178	https://rhn.redhat.com/errata/RHSA-2009-1178.html
Sun Alert Notification
9	273570	http://sunsolve.sun.com/search/document.do?assetkey=1-66-273570-1
レッドハットセキュリティーアップデート
10	RHSA-2009:1176	https://www.jp.redhat.com/support/errata/RHSA/RHSA-2009-1176J.html
11	RHSA-2009:1177	https://www.jp.redhat.com/support/errata/RHSA/RHSA-2009-1177J.html
12	RHSA-2009:1178	https://www.jp.redhat.com/support/errata/RHSA/RHSA-2009-1178J.html

その他

No	Name	URL
ISS X-Force Database
1	44172	http://xforce.iss.net/xforce/xfdb/44172
Secunia Advisory
2	SA31305	http://secunia.com/advisories/31305
3	SA33937	http://secunia.com/advisories/33937
SecurityFocus
4	30491	http://www.securityfocus.com/bid/30491
VUPEN Security
5	VUPEN/ADV-2008-2288	http://www.vupen.com/english/advisories/2008/2288

Change Log

No	Changed Details	Date of change
0	[2009年03月17日] 掲載 [2009年08月20日] 影響を受けるシステム：ミラクル・リナックス (1757) の情報を追加影響を受けるシステム：レッドハット (RHSA-2009:1176) の情報を追加影響を受けるシステム：レッドハット (RHSA-2009:1177) の情報を追加影響を受けるシステム：レッドハット (RHSA-2009:1178) の情報を追加ベンダ情報：ミラクル・リナックス (1757) を追加ベンダ情報：レッドハット (RHSA-2009:1176) を追加ベンダ情報：レッドハット (RHSA-2009:1177) を追加ベンダ情報：レッドハット (RHSA-2009:1178) を追加 [2009年10月06日] 影響を受けるシステム：ミラクル・リナックス (python-2.4.3-24.6.1AXS3) の情報を追加ベンダ情報：ミラクル・リナックス (python-2.4.3-24.6.1AXS3) を追加 [2010年01月19日] 影響を受けるシステム：サン・マイクロシステムズ (273570) の情報を追加ベンダ情報：サン・マイクロシステムズ (273570) を追加	Feb. 17, 2018, 10:37 a.m.