FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2008-1721

This CVE name corresponds to:

Entered Topic
2008-04-25 python -- Integer Signedness Error in zlib Module

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2008-1721
Phase Assigned (20080410)

Description

Integer signedness error in the zlib extension module in Python 2.5.2 and earlier allows remote attackers to execute arbitrary code via a negative signed integer, which triggers insufficient memory allocation and a buffer overflow.

References

Source Reference
BUGTRAQ 20080409 IOActive Security Advisory: Buffer overflow in Python zlib extension module
CONFIRM http://bugs.python.org/issue2586
CONFIRM http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0149
CONFIRM https://issues.rpath.com/browse/RPL-2444
DEBIAN DSA-1551
MANDRIVA MDVSA-2008:085
BID 28715
FRSIRT ADV-2008-1229
SECTRACK 1019823
SECUNIA 29889
SECUNIA 29955
SREASON 3802