ID CVE-2008-2316
Summary Integer overflow in _hashopenssl.c in the hashlib module in Python 2.5.2 and earlier might allow context-dependent attackers to defeat cryptographic digests, related to "partial hashlib hashing of data exceeding 4GB."
References
Vulnerable Configurations
  • cpe:2.3:a:python_software_foundation:python:1.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:python_software_foundation:python:1.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:python_software_foundation:python:2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:python_software_foundation:python:2.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:python_software_foundation:python:2.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:python_software_foundation:python:2.3.7:*:*:*:*:*:*:*
  • cpe:2.3:a:python_software_foundation:python:2.4.5:*:*:*:*:*:*:*
  • cpe:2.3:a:python_software_foundation:python:2.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:python_software_foundation:python:2.5.2:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 11-10-2018 - 20:40)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
apple APPLE-SA-2009-02-12
bid 30491
bugtraq 20080813 rPSA-2008-0243-1 idle python
confirm
gentoo GLSA-200807-16
mandriva MDVSA-2008:163
secunia
  • 31305
  • 31332
  • 31358
  • 31365
  • 31473
  • 31518
  • 31687
  • 33937
slackware SSA:2008-217-01
suse SUSE-SR:2008:017
ubuntu USN-632-1
vupen ADV-2008-2288
xf
  • python-hashlib-overflow(44174)
  • python-multiple-bo(44173)
statements via4
contributor Tomas Hoger
lastmodified 2008-08-04
organization Red Hat
statement Not vulnerable. This issue did not affect the versions of python as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. Affected module was only introduced upstream in python 2.5.
Last major update 11-10-2018 - 20:40
Published 01-08-2008 - 14:41