Vulnerability-Lookup

CVE-2008-1887 (GCVE-0-2008-1887)

Vulnerability from cvelistv5 – Published: 2008-04-18 17:00 – Updated: 2024-08-07 08:40

Summary

Python 2.5.2 and earlier allows context-dependent attackers to execute arbitrary code via multiple vectors that cause a negative size value to be provided to the PyString_FromStringAndSize function, which allocates less memory than expected when assert() is disabled and triggers a buffer overflow.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://bugs.python.org/issue2587	x_refsource_CONFIRM
	http://security.gentoo.org/glsa/glsa-200807-01.xml	vendor-advisoryx_refsource_GENTOO
	http://secunia.com/advisories/30872	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/archive/1/506056/100…	mailing-listx_refsource_BUGTRAQ
	http://secunia.com/advisories/33937	third-party-advisoryx_refsource_SECUNIA
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://secunia.com/advisories/37471	third-party-advisoryx_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://secunia.com/advisories/31687	third-party-advisoryx_refsource_SECUNIA
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.securityfocus.com/archive/1/490776	mailing-listx_refsource_BUGTRAQ
	http://www.debian.org/security/2008/dsa-1551	vendor-advisoryx_refsource_DEBIAN
	http://www.vmware.com/security/advisories/VMSA-20…	x_refsource_CONFIRM
	http://support.apple.com/kb/HT3438	x_refsource_CONFIRM
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0122	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/28749	vdb-entryx_refsource_BID
	http://www.ubuntu.com/usn/usn-632-1	vendor-advisoryx_refsource_UBUNTU
	http://www.securityfocus.com/archive/1/507985/100…	mailing-listx_refsource_BUGTRAQ
	http://secunia.com/advisories/31518	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/31365	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/31255	third-party-advisoryx_refsource_SECUNIA
	http://www.novell.com/support/search.do?cmd=displ…	x_refsource_CONFIRM
	http://www.debian.org/security/2008/dsa-1620	vendor-advisoryx_refsource_DEBIAN
	http://www.vupen.com/english/advisories/2009/3316	vdb-entryx_refsource_VUPEN
	http://secunia.com/advisories/29889	third-party-advisoryx_refsource_SECUNIA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T08:40:59.882Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SUSE-SR:2008:017",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.python.org/issue2587"
          },
          {
            "name": "GLSA-200807-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200807-01.xml"
          },
          {
            "name": "30872",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30872"
          },
          {
            "name": "20090824 rPSA-2009-0122-1 idle python",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/506056/100/0/threaded"
          },
          {
            "name": "33937",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33937"
          },
          {
            "name": "oval:org.mitre.oval:def:8624",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8624"
          },
          {
            "name": "37471",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37471"
          },
          {
            "name": "python-pystringfromstringandsize-bo(41944)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41944"
          },
          {
            "name": "31687",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31687"
          },
          {
            "name": "oval:org.mitre.oval:def:10407",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10407"
          },
          {
            "name": "20080411 IOActive Security Advisory: Incorrect input validation in PyString_FromStringAndSize() leads to multiple buffer overflows",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/490776"
          },
          {
            "name": "DSA-1551",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2008/dsa-1551"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT3438"
          },
          {
            "name": "APPLE-SA-2009-02-12",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0122"
          },
          {
            "name": "28749",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/28749"
          },
          {
            "name": "USN-632-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-632-1"
          },
          {
            "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
          },
          {
            "name": "31518",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31518"
          },
          {
            "name": "31365",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31365"
          },
          {
            "name": "31255",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31255"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.novell.com/support/search.do?cmd=displayKC\u0026docType=kc\u0026externalId=InfoDocument-patchbuilder-readme5032900"
          },
          {
            "name": "DSA-1620",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2008/dsa-1620"
          },
          {
            "name": "ADV-2009-3316",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3316"
          },
          {
            "name": "29889",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29889"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-04-08T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Python 2.5.2 and earlier allows context-dependent attackers to execute arbitrary code via multiple vectors that cause a negative size value to be provided to the PyString_FromStringAndSize function, which allocates less memory than expected when assert() is disabled and triggers a buffer overflow."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "SUSE-SR:2008:017",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.python.org/issue2587"
        },
        {
          "name": "GLSA-200807-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200807-01.xml"
        },
        {
          "name": "30872",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30872"
        },
        {
          "name": "20090824 rPSA-2009-0122-1 idle python",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/506056/100/0/threaded"
        },
        {
          "name": "33937",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33937"
        },
        {
          "name": "oval:org.mitre.oval:def:8624",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8624"
        },
        {
          "name": "37471",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37471"
        },
        {
          "name": "python-pystringfromstringandsize-bo(41944)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41944"
        },
        {
          "name": "31687",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31687"
        },
        {
          "name": "oval:org.mitre.oval:def:10407",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10407"
        },
        {
          "name": "20080411 IOActive Security Advisory: Incorrect input validation in PyString_FromStringAndSize() leads to multiple buffer overflows",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/490776"
        },
        {
          "name": "DSA-1551",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2008/dsa-1551"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT3438"
        },
        {
          "name": "APPLE-SA-2009-02-12",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0122"
        },
        {
          "name": "28749",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/28749"
        },
        {
          "name": "USN-632-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-632-1"
        },
        {
          "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
        },
        {
          "name": "31518",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31518"
        },
        {
          "name": "31365",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31365"
        },
        {
          "name": "31255",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31255"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.novell.com/support/search.do?cmd=displayKC\u0026docType=kc\u0026externalId=InfoDocument-patchbuilder-readme5032900"
        },
        {
          "name": "DSA-1620",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2008/dsa-1620"
        },
        {
          "name": "ADV-2009-3316",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3316"
        },
        {
          "name": "29889",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29889"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-1887",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Python 2.5.2 and earlier allows context-dependent attackers to execute arbitrary code via multiple vectors that cause a negative size value to be provided to the PyString_FromStringAndSize function, which allocates less memory than expected when assert() is disabled and triggers a buffer overflow."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "SUSE-SR:2008:017",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
            },
            {
              "name": "http://bugs.python.org/issue2587",
              "refsource": "CONFIRM",
              "url": "http://bugs.python.org/issue2587"
            },
            {
              "name": "GLSA-200807-01",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200807-01.xml"
            },
            {
              "name": "30872",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30872"
            },
            {
              "name": "20090824 rPSA-2009-0122-1 idle python",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/506056/100/0/threaded"
            },
            {
              "name": "33937",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/33937"
            },
            {
              "name": "oval:org.mitre.oval:def:8624",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8624"
            },
            {
              "name": "37471",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37471"
            },
            {
              "name": "python-pystringfromstringandsize-bo(41944)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41944"
            },
            {
              "name": "31687",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31687"
            },
            {
              "name": "oval:org.mitre.oval:def:10407",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10407"
            },
            {
              "name": "20080411 IOActive Security Advisory: Incorrect input validation in PyString_FromStringAndSize() leads to multiple buffer overflows",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/490776"
            },
            {
              "name": "DSA-1551",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2008/dsa-1551"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
            },
            {
              "name": "http://support.apple.com/kb/HT3438",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT3438"
            },
            {
              "name": "APPLE-SA-2009-02-12",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
            },
            {
              "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0122",
              "refsource": "CONFIRM",
              "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0122"
            },
            {
              "name": "28749",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/28749"
            },
            {
              "name": "USN-632-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/usn-632-1"
            },
            {
              "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
            },
            {
              "name": "31518",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31518"
            },
            {
              "name": "31365",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31365"
            },
            {
              "name": "31255",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31255"
            },
            {
              "name": "http://www.novell.com/support/search.do?cmd=displayKC\u0026docType=kc\u0026externalId=InfoDocument-patchbuilder-readme5032900",
              "refsource": "CONFIRM",
              "url": "http://www.novell.com/support/search.do?cmd=displayKC\u0026docType=kc\u0026externalId=InfoDocument-patchbuilder-readme5032900"
            },
            {
              "name": "DSA-1620",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2008/dsa-1620"
            },
            {
              "name": "ADV-2009-3316",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/3316"
            },
            {
              "name": "29889",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29889"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-1887",
    "datePublished": "2008-04-18T17:00:00.000Z",
    "dateReserved": "2008-04-18T00:00:00.000Z",
    "dateUpdated": "2024-08-07T08:40:59.882Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GSD-2008-1887

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2008-1887

Aliases

CVE-2008-1887

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-1887",
    "description": "Python 2.5.2 and earlier allows context-dependent attackers to execute arbitrary code via multiple vectors that cause a negative size value to be provided to the PyString_FromStringAndSize function, which allocates less memory than expected when assert() is disabled and triggers a buffer overflow.",
    "id": "GSD-2008-1887",
    "references": [
      "https://www.suse.com/security/cve/CVE-2008-1887.html",
      "https://www.debian.org/security/2008/dsa-1620",
      "https://www.debian.org/security/2008/dsa-1551",
      "https://access.redhat.com/errata/RHSA-2009:1178",
      "https://access.redhat.com/errata/RHSA-2009:1177",
      "https://access.redhat.com/errata/RHSA-2009:1176",
      "https://linux.oracle.com/cve/CVE-2008-1887.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-1887"
      ],
      "details": "Python 2.5.2 and earlier allows context-dependent attackers to execute arbitrary code via multiple vectors that cause a negative size value to be provided to the PyString_FromStringAndSize function, which allocates less memory than expected when assert() is disabled and triggers a buffer overflow.",
      "id": "GSD-2008-1887",
      "modified": "2023-12-13T01:23:03.577318Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2008-1887",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Python 2.5.2 and earlier allows context-dependent attackers to execute arbitrary code via multiple vectors that cause a negative size value to be provided to the PyString_FromStringAndSize function, which allocates less memory than expected when assert() is disabled and triggers a buffer overflow."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "SUSE-SR:2008:017",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
          },
          {
            "name": "http://bugs.python.org/issue2587",
            "refsource": "CONFIRM",
            "url": "http://bugs.python.org/issue2587"
          },
          {
            "name": "GLSA-200807-01",
            "refsource": "GENTOO",
            "url": "http://security.gentoo.org/glsa/glsa-200807-01.xml"
          },
          {
            "name": "30872",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/30872"
          },
          {
            "name": "20090824 rPSA-2009-0122-1 idle python",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/506056/100/0/threaded"
          },
          {
            "name": "33937",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/33937"
          },
          {
            "name": "oval:org.mitre.oval:def:8624",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8624"
          },
          {
            "name": "37471",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/37471"
          },
          {
            "name": "python-pystringfromstringandsize-bo(41944)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41944"
          },
          {
            "name": "31687",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/31687"
          },
          {
            "name": "oval:org.mitre.oval:def:10407",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10407"
          },
          {
            "name": "20080411 IOActive Security Advisory: Incorrect input validation in PyString_FromStringAndSize() leads to multiple buffer overflows",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/490776"
          },
          {
            "name": "DSA-1551",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2008/dsa-1551"
          },
          {
            "name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
            "refsource": "CONFIRM",
            "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
          },
          {
            "name": "http://support.apple.com/kb/HT3438",
            "refsource": "CONFIRM",
            "url": "http://support.apple.com/kb/HT3438"
          },
          {
            "name": "APPLE-SA-2009-02-12",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
          },
          {
            "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0122",
            "refsource": "CONFIRM",
            "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0122"
          },
          {
            "name": "28749",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/28749"
          },
          {
            "name": "USN-632-1",
            "refsource": "UBUNTU",
            "url": "http://www.ubuntu.com/usn/usn-632-1"
          },
          {
            "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
          },
          {
            "name": "31518",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/31518"
          },
          {
            "name": "31365",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/31365"
          },
          {
            "name": "31255",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/31255"
          },
          {
            "name": "http://www.novell.com/support/search.do?cmd=displayKC\u0026docType=kc\u0026externalId=InfoDocument-patchbuilder-readme5032900",
            "refsource": "CONFIRM",
            "url": "http://www.novell.com/support/search.do?cmd=displayKC\u0026docType=kc\u0026externalId=InfoDocument-patchbuilder-readme5032900"
          },
          {
            "name": "DSA-1620",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2008/dsa-1620"
          },
          {
            "name": "ADV-2009-3316",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2009/3316"
          },
          {
            "name": "29889",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/29889"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.5.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-1887"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Python 2.5.2 and earlier allows context-dependent attackers to execute arbitrary code via multiple vectors that cause a negative size value to be provided to the PyString_FromStringAndSize function, which allocates less memory than expected when assert() is disabled and triggers a buffer overflow."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-120"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20080411 IOActive Security Advisory: Incorrect input validation in PyString_FromStringAndSize() leads to multiple buffer overflows",
              "refsource": "BUGTRAQ",
              "tags": [
                "Exploit",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/archive/1/490776"
            },
            {
              "name": "http://bugs.python.org/issue2587",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit",
                "Issue Tracking",
                "Vendor Advisory"
              ],
              "url": "http://bugs.python.org/issue2587"
            },
            {
              "name": "DSA-1551",
              "refsource": "DEBIAN",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "http://www.debian.org/security/2008/dsa-1551"
            },
            {
              "name": "29889",
              "refsource": "SECUNIA",
              "tags": [
                "Not Applicable"
              ],
              "url": "http://secunia.com/advisories/29889"
            },
            {
              "name": "28749",
              "refsource": "BID",
              "tags": [
                "Patch",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/28749"
            },
            {
              "name": "GLSA-200807-01",
              "refsource": "GENTOO",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200807-01.xml"
            },
            {
              "name": "USN-632-1",
              "refsource": "UBUNTU",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.ubuntu.com/usn/usn-632-1"
            },
            {
              "name": "DSA-1620",
              "refsource": "DEBIAN",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "http://www.debian.org/security/2008/dsa-1620"
            },
            {
              "name": "30872",
              "refsource": "SECUNIA",
              "tags": [
                "Not Applicable"
              ],
              "url": "http://secunia.com/advisories/30872"
            },
            {
              "name": "http://www.novell.com/support/search.do?cmd=displayKC\u0026docType=kc\u0026externalId=InfoDocument-patchbuilder-readme5032900",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.novell.com/support/search.do?cmd=displayKC\u0026docType=kc\u0026externalId=InfoDocument-patchbuilder-readme5032900"
            },
            {
              "name": "31518",
              "refsource": "SECUNIA",
              "tags": [
                "Not Applicable"
              ],
              "url": "http://secunia.com/advisories/31518"
            },
            {
              "name": "SUSE-SR:2008:017",
              "refsource": "SUSE",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
            },
            {
              "name": "31255",
              "refsource": "SECUNIA",
              "tags": [
                "Not Applicable"
              ],
              "url": "http://secunia.com/advisories/31255"
            },
            {
              "name": "31365",
              "refsource": "SECUNIA",
              "tags": [
                "Not Applicable"
              ],
              "url": "http://secunia.com/advisories/31365"
            },
            {
              "name": "31687",
              "refsource": "SECUNIA",
              "tags": [
                "Not Applicable"
              ],
              "url": "http://secunia.com/advisories/31687"
            },
            {
              "name": "APPLE-SA-2009-02-12",
              "refsource": "APPLE",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
            },
            {
              "name": "33937",
              "refsource": "SECUNIA",
              "tags": [
                "Not Applicable"
              ],
              "url": "http://secunia.com/advisories/33937"
            },
            {
              "name": "http://support.apple.com/kb/HT3438",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://support.apple.com/kb/HT3438"
            },
            {
              "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0122",
              "refsource": "CONFIRM",
              "tags": [
                "Broken Link"
              ],
              "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0122"
            },
            {
              "name": "37471",
              "refsource": "SECUNIA",
              "tags": [
                "Not Applicable"
              ],
              "url": "http://secunia.com/advisories/37471"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
            },
            {
              "name": "ADV-2009-3316",
              "refsource": "VUPEN",
              "tags": [
                "Permissions Required"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/3316"
            },
            {
              "name": "python-pystringfromstringandsize-bo(41944)",
              "refsource": "XF",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41944"
            },
            {
              "name": "oval:org.mitre.oval:def:8624",
              "refsource": "OVAL",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8624"
            },
            {
              "name": "oval:org.mitre.oval:def:10407",
              "refsource": "OVAL",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10407"
            },
            {
              "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
              "refsource": "BUGTRAQ",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
            },
            {
              "name": "20090824 rPSA-2009-0122-1 idle python",
              "refsource": "BUGTRAQ",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/archive/1/506056/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2022-06-27T16:33Z",
      "publishedDate": "2008-04-18T17:05Z"
    }
  }
}

CERTA-2009-AVI-513

Vulnerability from certfr_avis - Published: 2009-11-24 - Updated: 2009-11-24

Plusieurs vulnérabilités découvertes dans les produits VMware peuvent être exploitées à distance par un utilisateur malintentionné afin de compromettre le système vulnérable ou encore d'entraver son bon fonctionnement.

Description

Les vulnérabilités présentes dans les produits VMware peuvent être exploitées afin de porter atteinte à l'intégrité et à la confidentialité des données, de réaliser un déni de service, d'injecter et d'exécuter indirectement du code arbitraire, d'élever ses privilèges ou d'exécuter du code arbitraire.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
VMware	N/A	VMware Server 2.x ;
VMware	ESXi	VMware ESXi 3.x ;
VMware	N/A	VMware vMA 4.x.
VMware	N/A	VMware ESX Server 4.x ;
VMware	N/A	VMware ESX Server 2.x ;
VMware	N/A	VMware ESX Server 3.x ;
VMware	ESXi	VMware ESXi 4.x ;
VMware	vCenter Server	VMware vCenter Server 4.x ;
VMware	N/A	VMware VirtualCenter 2.x ;

References

Title

Publication Time

Tags

Bulletin de sécurité VMware du 20 novembre 2009

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "VMware Server 2.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESXi 3.x ;",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware vMA 4.x.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESX Server 4.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESX Server 2.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESX Server 3.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESXi 4.x ;",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware vCenter Server 4.x ;",
      "product": {
        "name": "vCenter Server",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware VirtualCenter 2.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nLes vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans les produits VMware peuvent \u00eatre\nexploit\u00e9es afin de porter atteinte \u00e0 l\u0027int\u00e9grit\u00e9 et \u00e0 la confidentialit\u00e9\ndes donn\u00e9es, de r\u00e9aliser un d\u00e9ni de service, d\u0027injecter et d\u0027ex\u00e9cuter\nindirectement du code arbitraire, d\u0027\u00e9lever ses privil\u00e8ges ou d\u0027ex\u00e9cuter\ndu code arbitraire.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-2724",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2724"
    },
    {
      "name": "CVE-2009-0676",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0676"
    },
    {
      "name": "CVE-2009-2721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2721"
    },
    {
      "name": "CVE-2008-3143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3143"
    },
    {
      "name": "CVE-2009-2692",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2692"
    },
    {
      "name": "CVE-2009-2406",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2406"
    },
    {
      "name": "CVE-2009-1389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1389"
    },
    {
      "name": "CVE-2008-0002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0002"
    },
    {
      "name": "CVE-2009-1106",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1106"
    },
    {
      "name": "CVE-2009-1072",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1072"
    },
    {
      "name": "CVE-2008-4307",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4307"
    },
    {
      "name": "CVE-2009-1104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1104"
    },
    {
      "name": "CVE-2009-2407",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2407"
    },
    {
      "name": "CVE-2008-3142",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3142"
    },
    {
      "name": "CVE-2009-1101",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1101"
    },
    {
      "name": "CVE-2009-2416",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2416"
    },
    {
      "name": "CVE-2009-1385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1385"
    },
    {
      "name": "CVE-2009-0746",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0746"
    },
    {
      "name": "CVE-2009-2673",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2673"
    },
    {
      "name": "CVE-2007-5966",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5966"
    },
    {
      "name": "CVE-2009-2719",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2719"
    },
    {
      "name": "CVE-2008-4864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4864"
    },
    {
      "name": "CVE-2009-2417",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2417"
    },
    {
      "name": "CVE-2009-1439",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1439"
    },
    {
      "name": "CVE-2009-0322",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0322"
    },
    {
      "name": "CVE-2009-1895",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1895"
    },
    {
      "name": "CVE-2009-1094",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1094"
    },
    {
      "name": "CVE-2009-0748",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0748"
    },
    {
      "name": "CVE-2008-3144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3144"
    },
    {
      "name": "CVE-2009-0747",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0747"
    },
    {
      "name": "CVE-2009-0580",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0580"
    },
    {
      "name": "CVE-2009-1095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1095"
    },
    {
      "name": "CVE-2009-2672",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2672"
    },
    {
      "name": "CVE-2009-0675",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0675"
    },
    {
      "name": "CVE-2007-5461",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5461"
    },
    {
      "name": "CVE-2009-2670",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2670"
    },
    {
      "name": "CVE-2009-1102",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1102"
    },
    {
      "name": "CVE-2009-1630",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1630"
    },
    {
      "name": "CVE-2009-0269",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0269"
    },
    {
      "name": "CVE-2008-3528",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3528"
    },
    {
      "name": "CVE-2008-5031",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5031"
    },
    {
      "name": "CVE-2008-1721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1721"
    },
    {
      "name": "CVE-2009-1388",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1388"
    },
    {
      "name": "CVE-2009-1192",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1192"
    },
    {
      "name": "CVE-2009-2720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2720"
    },
    {
      "name": "CVE-2009-0834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0834"
    },
    {
      "name": "CVE-2009-2671",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2671"
    },
    {
      "name": "CVE-2009-2848",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2848"
    },
    {
      "name": "CVE-2009-2675",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2675"
    },
    {
      "name": "CVE-2008-1232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1232"
    },
    {
      "name": "CVE-2009-0159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0159"
    },
    {
      "name": "CVE-2009-0778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0778"
    },
    {
      "name": "CVE-2009-2625",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2625"
    },
    {
      "name": "CVE-2009-1099",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1099"
    },
    {
      "name": "CVE-2009-1252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1252"
    },
    {
      "name": "CVE-2009-2698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2698"
    },
    {
      "name": "CVE-2008-2370",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2370"
    },
    {
      "name": "CVE-2009-0033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0033"
    },
    {
      "name": "CVE-2009-2723",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2723"
    },
    {
      "name": "CVE-2009-1107",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1107"
    },
    {
      "name": "CVE-2009-2716",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2716"
    },
    {
      "name": "CVE-2007-5333",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5333"
    },
    {
      "name": "CVE-2008-1947",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1947"
    },
    {
      "name": "CVE-2009-1105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1105"
    },
    {
      "name": "CVE-2007-6286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6286"
    },
    {
      "name": "CVE-2009-0028",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0028"
    },
    {
      "name": "CVE-2009-1337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1337"
    },
    {
      "name": "CVE-2009-0781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0781"
    },
    {
      "name": "CVE-2009-2414",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2414"
    },
    {
      "name": "CVE-2007-2052",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2052"
    },
    {
      "name": "CVE-2009-1336",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1336"
    },
    {
      "name": "CVE-2009-0783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0783"
    },
    {
      "name": "CVE-2008-5515",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5515"
    },
    {
      "name": "CVE-2007-4965",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4965"
    },
    {
      "name": "CVE-2009-1633",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1633"
    },
    {
      "name": "CVE-2009-2722",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2722"
    },
    {
      "name": "CVE-2008-5700",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5700"
    },
    {
      "name": "CVE-2009-1103",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1103"
    },
    {
      "name": "CVE-2009-1100",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1100"
    },
    {
      "name": "CVE-2009-2676",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2676"
    },
    {
      "name": "CVE-2007-5342",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5342"
    },
    {
      "name": "CVE-2009-1096",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1096"
    },
    {
      "name": "CVE-2009-1098",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1098"
    },
    {
      "name": "CVE-2009-0787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0787"
    },
    {
      "name": "CVE-2008-1887",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1887"
    },
    {
      "name": "CVE-2009-1097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1097"
    },
    {
      "name": "CVE-2009-2847",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2847"
    },
    {
      "name": "CVE-2008-2315",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2315"
    },
    {
      "name": "CVE-2009-0696",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0696"
    },
    {
      "name": "CVE-2009-2718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2718"
    },
    {
      "name": "CVE-2009-0745",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0745"
    },
    {
      "name": "CVE-2009-1093",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1093"
    }
  ],
  "initial_release_date": "2009-11-24T00:00:00",
  "last_revision_date": "2009-11-24T00:00:00",
  "links": [],
  "reference": "CERTA-2009-AVI-513",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-11-24T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s d\u00e9couvertes dans les produits VMware peuvent\n\u00eatre exploit\u00e9es \u00e0 distance par un utilisateur malintentionn\u00e9 afin de\ncompromettre le syst\u00e8me vuln\u00e9rable ou encore d\u0027entraver son bon\nfonctionnement.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware du 20 novembre 2009",
      "url": "http://lists.vmware.com/pipermail/security-announce/2009/000070.html"
    }
  ]
}

CERTA-2008-AVI-345

Vulnerability from certfr_avis - Published: 2008-07-02 - Updated: 2008-07-02

None

Description

Plusieurs vulnérabilités de type débordement de mémoire ont été découvertes dans l'interpréteur de commandes Python. Elles permettent à un utilisateur distant malintentionné de porter atteinte à la confidentialité des données, de provoquer un déni de service ou d'exécuter du code arbitraire.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Python	Python	Python 2.4.

References

Title

Publication Time

Tags

Bulletin de sécurité Gentoo GLSA-200807-01 du 01 juillet 2008	None	vendor-advisory
Bulletin de sécurité Gentoo GLSA-200807-01 du 02 juillet 2008 :	-	other
Bulletin de sécurité Debian DSA 1551 du 19 avril 2008 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Python 2.4.",
      "product": {
        "name": "Python",
        "vendor": {
          "name": "Python",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s de type d\u00e9bordement de m\u00e9moire ont \u00e9t\u00e9\nd\u00e9couvertes dans l\u0027interpr\u00e9teur de commandes Python. Elles permettent \u00e0\nun utilisateur distant malintentionn\u00e9 de porter atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es, de provoquer un d\u00e9ni de service ou\nd\u0027ex\u00e9cuter du code arbitraire.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-1679",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1679"
    },
    {
      "name": "CVE-2008-1721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1721"
    },
    {
      "name": "CVE-2008-1887",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1887"
    }
  ],
  "initial_release_date": "2008-07-02T00:00:00",
  "last_revision_date": "2008-07-02T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Gentoo GLSA-200807-01 du 02 juillet    2008 :",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200807-01.xml"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA 1551 du 19 avril 2008 :",
      "url": "http://www.debian.org/security/2008/dsa-1551"
    }
  ],
  "reference": "CERTA-2008-AVI-345",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-07-02T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": null,
  "title": "Vuln\u00e9rabilit\u00e9s dans Python",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Gentoo GLSA-200807-01 du 01 juillet 2008",
      "url": null
    }
  ]
}

CERTA-2009-AVI-068

Vulnerability from certfr_avis - Published: 2009-02-13 - Updated: 2009-02-13

De multiples vulnérabilités ont été découvertes dans le système Mac OS X d'Apple. L'exploitation de ces vulnérabilités permet un grand nombre d'actions, dont l'exécution de code arbitraire à distance.

Description

Apple vient de publier des mises à jour pour son système d'exploitation Mac OS X. Ces correctifs concernent la mise à jour de plusieurs applicatifs :

AFP Server ;
Apple Pixlet Video ;
Carbon Core ;
CFNetwork ;
Certificate Assistant ;
ClamAV ;
CoreText ;
CUPS ;
DS Tools ;
fetchmail ;
Folder Manager ;
FSEvents ;
Network Time ;
perl ;
Printing ;
python ;
Remote Apple Events ;
Safari RSS ;
servermgrd ;
SMB ;
SquirrelMail ;
X11 ;
Xterm.

L'exploitation des différentes vulnérabilités permet d'effectuer un grand nombre d'actions malveillantes, dont l'exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Apple	N/A	Mac OS X versions 10.5.6 et antérieures ;
	Apple	N/A	Mac OS X versions 10.4.11 et antérieures.

References

Title

Publication Time

Tags

Bulletin de sécurité Apple 2009-001 du 12 février 2009	None	vendor-advisory
Bulletin de sécurité Apple HT3438 du 12 février 2009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mac OS X versions 10.5.6 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X versions 10.4.11 et ant\u00e9rieures.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nApple vient de publier des mises \u00e0 jour pour son syst\u00e8me d\u0027exploitation\nMac OS X. Ces correctifs concernent la mise \u00e0 jour de plusieurs\napplicatifs :\n\n-   AFP Server ;\n-   Apple Pixlet Video ;\n-   Carbon Core ;\n-   CFNetwork ;\n-   Certificate Assistant ;\n-   ClamAV ;\n-   CoreText ;\n-   CUPS ;\n-   DS Tools ;\n-   fetchmail ;\n-   Folder Manager ;\n-   FSEvents ;\n-   Network Time ;\n-   perl ;\n-   Printing ;\n-   python ;\n-   Remote Apple Events ;\n-   Safari RSS ;\n-   servermgrd ;\n-   SMB ;\n-   SquirrelMail ;\n-   X11 ;\n-   Xterm.\n\nL\u0027exploitation des diff\u00e9rentes vuln\u00e9rabilit\u00e9s permet d\u0027effectuer un\ngrand nombre d\u0027actions malveillantes, dont l\u0027ex\u00e9cution de code\narbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-2316",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2316"
    },
    {
      "name": "CVE-2008-2361",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2361"
    },
    {
      "name": "CVE-2008-2379",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2379"
    },
    {
      "name": "CVE-2008-1808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1808"
    },
    {
      "name": "CVE-2009-0020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0020"
    },
    {
      "name": "CVE-2009-0012",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0012"
    },
    {
      "name": "CVE-2008-3663",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3663"
    },
    {
      "name": "CVE-2009-0141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0141"
    },
    {
      "name": "CVE-2008-3142",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3142"
    },
    {
      "name": "CVE-2007-4565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4565"
    },
    {
      "name": "CVE-2007-1352",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1352"
    },
    {
      "name": "CVE-2009-0139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0139"
    },
    {
      "name": "CVE-2008-4864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4864"
    },
    {
      "name": "CVE-2009-0019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0019"
    },
    {
      "name": "CVE-2008-1679",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1679"
    },
    {
      "name": "CVE-2008-2711",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2711"
    },
    {
      "name": "CVE-2008-3144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3144"
    },
    {
      "name": "CVE-2008-2362",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2362"
    },
    {
      "name": "CVE-2009-0018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0018"
    },
    {
      "name": "CVE-2009-0140",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0140"
    },
    {
      "name": "CVE-2009-0015",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0015"
    },
    {
      "name": "CVE-2008-1379",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1379"
    },
    {
      "name": "CVE-2008-5031",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5031"
    },
    {
      "name": "CVE-2008-1721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1721"
    },
    {
      "name": "CVE-2008-5050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5050"
    },
    {
      "name": "CVE-2006-1861",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-1861"
    },
    {
      "name": "CVE-2008-1927",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1927"
    },
    {
      "name": "CVE-2007-1667",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1667"
    },
    {
      "name": "CVE-2008-5183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5183"
    },
    {
      "name": "CVE-2009-0138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0138"
    },
    {
      "name": "CVE-2009-0014",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0014"
    },
    {
      "name": "CVE-2009-0009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0009"
    },
    {
      "name": "CVE-2009-0137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0137"
    },
    {
      "name": "CVE-2008-2360",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2360"
    },
    {
      "name": "CVE-2009-0142",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0142"
    },
    {
      "name": "CVE-2007-4965",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4965"
    },
    {
      "name": "CVE-2009-0011",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0011"
    },
    {
      "name": "CVE-2008-5314",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5314"
    },
    {
      "name": "CVE-2008-1807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1807"
    },
    {
      "name": "CVE-2008-1887",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1887"
    },
    {
      "name": "CVE-2008-1377",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1377"
    },
    {
      "name": "CVE-2007-1351",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1351"
    },
    {
      "name": "CVE-2008-2315",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2315"
    },
    {
      "name": "CVE-2009-0013",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0013"
    },
    {
      "name": "CVE-2009-0017",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0017"
    },
    {
      "name": "CVE-2006-3467",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-3467"
    },
    {
      "name": "CVE-2008-1806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1806"
    }
  ],
  "initial_release_date": "2009-02-13T00:00:00",
  "last_revision_date": "2009-02-13T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT3438 du 12 f\u00e9vrier 2009 :",
      "url": "http://support.apple.com/kb/HT3438"
    }
  ],
  "reference": "CERTA-2009-AVI-068",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-02-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le syst\u00e8me Mac OS X\nd\u0027Apple. L\u0027exploitation de ces vuln\u00e9rabilit\u00e9s permet un grand nombre\nd\u0027actions, dont l\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple Mac OS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 2009-001 du 12 f\u00e9vrier 2009",
      "url": null
    }
  ]
}

GHSA-G8M8-G2VW-F7JW

Vulnerability from github – Published: 2022-05-01 23:44 – Updated: 2022-05-01 23:44

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-1887"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119",
      "CWE-120"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-04-18T17:05:00Z",
    "severity": "HIGH"
  },
  "details": "Python 2.5.2 and earlier allows context-dependent attackers to execute arbitrary code via multiple vectors that cause a negative size value to be provided to the PyString_FromStringAndSize function, which allocates less memory than expected when assert() is disabled and triggers a buffer overflow.",
  "id": "GHSA-g8m8-g2vw-f7jw",
  "modified": "2022-05-01T23:44:32Z",
  "published": "2022-05-01T23:44:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1887"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41944"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10407"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8624"
    },
    {
      "type": "WEB",
      "url": "http://bugs.python.org/issue2587"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/29889"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/30872"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/31255"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/31365"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/31518"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/31687"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/33937"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/37471"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-200807-01.xml"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT3438"
    },
    {
      "type": "WEB",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0122"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2008/dsa-1551"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2008/dsa-1620"
    },
    {
      "type": "WEB",
      "url": "http://www.novell.com/support/search.do?cmd=displayKC\u0026docType=kc\u0026externalId=InfoDocument-patchbuilder-readme5032900"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/490776"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/506056/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/28749"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/usn-632-1"
    },
    {
      "type": "WEB",
      "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/3316"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2008-1887

Vulnerability from fkie_nvd - Published: 2008-04-18 17:05 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://bugs.python.org/issue2587	Exploit, Issue Tracking, Vendor Advisory
cve@mitre.org	http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html	Mailing List, Third Party Advisory
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html	Mailing List, Third Party Advisory
cve@mitre.org	http://secunia.com/advisories/29889	Not Applicable
cve@mitre.org	http://secunia.com/advisories/30872	Not Applicable
cve@mitre.org	http://secunia.com/advisories/31255	Not Applicable
cve@mitre.org	http://secunia.com/advisories/31365	Not Applicable
cve@mitre.org	http://secunia.com/advisories/31518	Not Applicable
cve@mitre.org	http://secunia.com/advisories/31687	Not Applicable
cve@mitre.org	http://secunia.com/advisories/33937	Not Applicable
cve@mitre.org	http://secunia.com/advisories/37471	Not Applicable
cve@mitre.org	http://security.gentoo.org/glsa/glsa-200807-01.xml	Third Party Advisory
cve@mitre.org	http://support.apple.com/kb/HT3438	Third Party Advisory
cve@mitre.org	http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0122	Broken Link
cve@mitre.org	http://www.debian.org/security/2008/dsa-1551	Patch, Third Party Advisory
cve@mitre.org	http://www.debian.org/security/2008/dsa-1620	Patch, Third Party Advisory
cve@mitre.org	http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5032900	Third Party Advisory
cve@mitre.org	http://www.securityfocus.com/archive/1/490776	Exploit, Third Party Advisory, VDB Entry
cve@mitre.org	http://www.securityfocus.com/archive/1/506056/100/0/threaded	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.securityfocus.com/archive/1/507985/100/0/threaded	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.securityfocus.com/bid/28749	Patch, Third Party Advisory, VDB Entry
cve@mitre.org	http://www.ubuntu.com/usn/usn-632-1	Third Party Advisory
cve@mitre.org	http://www.vmware.com/security/advisories/VMSA-2009-0016.html	Third Party Advisory
cve@mitre.org	http://www.vupen.com/english/advisories/2009/3316	Permissions Required
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/41944	Third Party Advisory, VDB Entry
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10407	Third Party Advisory
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8624	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://bugs.python.org/issue2587	Exploit, Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29889	Not Applicable
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30872	Not Applicable
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/31255	Not Applicable
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/31365	Not Applicable
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/31518	Not Applicable
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/31687	Not Applicable
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/33937	Not Applicable
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/37471	Not Applicable
af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-200807-01.xml	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT3438	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0122	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2008/dsa-1551	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2008/dsa-1620	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5032900	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/490776	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/506056/100/0/threaded	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/507985/100/0/threaded	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/28749	Patch, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/usn-632-1	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vmware.com/security/advisories/VMSA-2009-0016.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/3316	Permissions Required
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/41944	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10407	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8624	Third Party Advisory

Impacted products

Vendor	Product	Version
python	python	*
canonical	ubuntu_linux	6.06
canonical	ubuntu_linux	7.04
canonical	ubuntu_linux	7.10
canonical	ubuntu_linux	8.04
debian	debian_linux	4.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E0806D1-04EA-492A-8587-1886F47ECC80",
              "versionEndIncluding": "2.5.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*",
              "matchCriteriaId": "454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EBDAFF8-DE44-4E80-B6BD-E341F767F501",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "823BF8BE-2309-4F67-A5E2-EAD98F723468",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*",
              "matchCriteriaId": "7EBFE35C-E243-43D1-883D-4398D71763CC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F92AB32-E7DE-43F4-B877-1F41FA162EC7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Python 2.5.2 and earlier allows context-dependent attackers to execute arbitrary code via multiple vectors that cause a negative size value to be provided to the PyString_FromStringAndSize function, which allocates less memory than expected when assert() is disabled and triggers a buffer overflow."
    },
    {
      "lang": "es",
      "value": "Python versi\u00f3n 2.5.2 y anteriores, permite a los atacantes dependiendo del contexto ejecutar c\u00f3digo arbitrario por medio de varios vectores que causan que se proporcione un valor de tama\u00f1o negativo a la funci\u00f3n PyString_FromStringAndSize, que asigna menos memoria de la esperada cuando assert() est\u00e1 deshabilitado y desencadena un desbordamiento de b\u00fafer."
    }
  ],
  "id": "CVE-2008-1887",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-04-18T17:05:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "http://bugs.python.org/issue2587"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://secunia.com/advisories/29889"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://secunia.com/advisories/30872"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://secunia.com/advisories/31255"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://secunia.com/advisories/31365"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://secunia.com/advisories/31518"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://secunia.com/advisories/31687"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://secunia.com/advisories/33937"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://secunia.com/advisories/37471"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://security.gentoo.org/glsa/glsa-200807-01.xml"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://support.apple.com/kb/HT3438"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0122"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2008/dsa-1551"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2008/dsa-1620"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.novell.com/support/search.do?cmd=displayKC\u0026docType=kc\u0026externalId=InfoDocument-patchbuilder-readme5032900"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/490776"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/506056/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/28749"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/usn-632-1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/3316"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41944"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10407"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8624"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "http://bugs.python.org/issue2587"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://secunia.com/advisories/29889"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://secunia.com/advisories/30872"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://secunia.com/advisories/31255"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://secunia.com/advisories/31365"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://secunia.com/advisories/31518"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://secunia.com/advisories/31687"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://secunia.com/advisories/33937"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://secunia.com/advisories/37471"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://security.gentoo.org/glsa/glsa-200807-01.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://support.apple.com/kb/HT3438"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0122"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2008/dsa-1551"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2008/dsa-1620"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.novell.com/support/search.do?cmd=displayKC\u0026docType=kc\u0026externalId=InfoDocument-patchbuilder-readme5032900"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/490776"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/506056/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/28749"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/usn-632-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/3316"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41944"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10407"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8624"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-120"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2008-1887 (GCVE-0-2008-1887)

GSD-2008-1887

CERTA-2009-AVI-513

Description

Solution

CERTA-2008-AVI-345

Description

Solution

CERTA-2009-AVI-068

Description

Solution

GHSA-G8M8-G2VW-F7JW

FKIE_CVE-2008-1887

Tags

Sightings

Nomenclature