oss-sec mailing list archives
CVE Request - Python string expandtabs
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Wed, 05 Nov 2008 12:10:54 +0100
Hello! yesterday looked yet at the Python issues reported by Chris Evans at: http://scary.beasts.org/security/CESA-2008-008.html and found out, the issue: * Integer overflow in string expandtabs operation * PoC: s = 't\tt\t' str.expandtabs(s, 2147483647) still lacks its own separate CVE identifier. Different issue than CVE-2008-2315. Reasoning: ========= Integer overflows in stringobject.c and unicodeobject.c in Python 2.5.2 are part of CVE-2008-2315, but part of CVE-2008-2315 is also mention about patch: http://bugs.gentoo.org/attachment.cgi?id=159418&action=view which by itself is not sufficient to resolve this flaw. Upstream has applied the following patch: ========================================= http://svn.python.org/view?rev=61350&view=rev Have checked by above PoC that applying this patch solves this vulnerability. Affected Python versions: 2.2.3 <= x <= 2.5.1 ========================= Chris, can you confirm my investigation? Steve, could you allocate a new CVE id? Thanks, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team
Current thread:
- CVE Request - Python string expandtabs Jan Lieskovsky (Nov 05)
- Re: CVE Request - Python string expandtabs Chris Evans (Nov 05)
- Re: CVE Request - Python string expandtabs Steven M. Christey (Nov 10)
- <Possible follow-ups>
- Re: CVE request - Python string expandtabs Will Drewry (Nov 10)
- Re: CVE Request - Python string expandtabs Chris Evans (Nov 05)