Description

Multiple integer overflows in the PyOS_vsnprintf function in Python/mysnprintf.c in Python 2.5.2 and earlier allow context-dependent attackers to cause a denial of service (memory corruption) or have unspecified other impact via crafted input to string formatting operations. NOTE: the handling of certain integer values is also affected by related integer underflows and an off-by-one error.

Remediation

References

CVE-2008-3144

Related Vulnerabilities

OpenSSL Improper Authentication Vulnerability (CVE-2009-0591)

Joomla! Core 1.5.x Directory Traversal (1.5.0 - 1.5.8)

Drupal Core 8.8.x Cross-Site Scripting (8.8.0 - 8.8.3)

ProjectSend Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-9783)

Python Incorrect Conversion between Numeric Types Vulnerability (CVE-2008-1721)

Severity

Medium

Classification

CVE-2008-3144 CWE-190

Tags

Missing Update Known Vulnerabilities