Vulnerability CVE-2007-2052: Information

Description

Off-by-one error in the PyLocale_strxfrm function in Modules/_localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer size to be used for the strxfrm function, which allows context-dependent attackers to read portions of memory via unknown manipulations that trigger a buffer over-read due to missing null termination.

Severity: MEDIUM (5.0)

Published: April 17, 2007
Modified: Aug. 2, 2023
Error type identifier: CWE-193
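
The sizing rule behind the off-by-one described above, as an added C example (not code from Python's Modules/_localemodule.c): strxfrm() returns the length it needs without the terminating NUL, so the output only fits when that value is strictly less than the buffer size. The helper name xfrm_copy and its initial_cap parameter are hypothetical, chosen so the boundary case can be exercised.

```c
#include <locale.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: return a malloc'd, NUL-terminated strxfrm()
 * transformation of s, or NULL on failure. initial_cap is the first
 * buffer size to try; *out_len (if non-NULL) gets the length without NUL. */
char *xfrm_copy(const char *s, size_t initial_cap, size_t *out_len)
{
    size_t cap = initial_cap ? initial_cap : 1;
    char *buf = malloc(cap);
    if (buf == NULL)
        return NULL;

    /* Return value is the required length EXCLUDING the terminator. */
    size_t need = strxfrm(buf, s, cap);

    /* Correct test is need >= cap. Using need > cap, or growing to need
     * instead of need + 1, is the off-by-one: when need == cap the C
     * standard leaves buf indeterminate, so it may lack a terminator and
     * a later strlen() or copy reads past the allocation. */
    if (need >= cap) {
        if (need == SIZE_MAX) { free(buf); return NULL; }
        cap = need + 1;                      /* room for the NUL */
        char *tmp = realloc(buf, cap);
        if (tmp == NULL) { free(buf); return NULL; }
        buf = tmp;
        need = strxfrm(buf, s, cap);
        if (need >= cap) { free(buf); return NULL; } /* locale changed */
    }
    if (out_len != NULL)
        *out_len = need;
    return buf;
}

int main(void)
{
    setlocale(LC_COLLATE, "");               /* use the environment's locale */
    size_t n = 0;
    /* Constructed input: a 3-byte string with a 3-byte first buffer hits
     * the need == cap boundary and forces the regrow path. */
    char *key = xfrm_copy("abc", 3, &n);
    if (key == NULL)
        return 1;
    printf("sort key length: %zu, terminated: %d\n", n, key[n] == '\0');
    free(key);
    return 0;
}
```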

References to Advisories, Solutions, and Tools

Hyperlink / Resource
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=416934
  • Third Party Advisory
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235093
  • Issue Tracking
http://www.python.org/download/releases/2.5.1/NEWS.txt
  • Broken Link
  • Vendor Advisory
23887
  • Third Party Advisory
  • VDB Entry
25190
  • Broken Link
25217
  • Broken Link
https://issues.rpath.com/browse/RPL-1358
  • Third Party Advisory
25233
  • Broken Link
MDKSA-2007:099
  • Broken Link
  • Third Party Advisory
RHSA-2007:1076
  • Third Party Advisory
RHSA-2007:1077
  • Third Party Advisory
SUSE-SR:2007:013
  • Third Party Advisory
2007-0019
  • Third Party Advisory
25353
  • Broken Link
25787
  • Broken Link
28027
  • Broken Link
28050
  • Broken Link
[Security-announce] 20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates
  • Third Party Advisory
29032
  • Broken Link
USN-585-1
  • Third Party Advisory
29303
  • Broken Link
DSA-1551
  • Third Party Advisory
29889
  • Broken Link
DSA-1620
  • Third Party Advisory
31255
  • Broken Link
RHSA-2008:0629
  • Third Party Advisory
31492
  • Broken Link
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
  • Broken Link
  • Third Party Advisory
ADV-2009-3316
  • Broken Link
  • Third Party Advisory
37471
  • Third Party Advisory
ADV-2007-1465
  • Broken Link
  • Third Party Advisory
ADV-2008-0637
  • Broken Link
  • Third Party Advisory
python-localemodule-information-disclosure(34060)
  • VDB Entry
oval:org.mitre.oval:def:8353
  • Broken Link
oval:org.mitre.oval:def:11716
  • Broken Link
20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components
  • Third Party Advisory
  • VDB Entry
20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates
  • Third Party Advisory
  • VDB Entry
20070521 FLEA-2007-0019-1: python
  • Third Party Advisory
  • VDB Entry
    1. Configuration 1

      cpe:2.3:a:python:python:2.4.0:*:*:*:*:*:*:*

      cpe:2.3:a:python:python:2.5.0:*:*:*:*:*:*:*