CVE Vulnerabilities

CVE-2008-1721

Incorrect Conversion between Numeric Types

Published: Apr 10, 2008 | Modified: Jul 05, 2022
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

Integer signedness error in the zlib extension module in Python 2.5.2 and earlier allows remote attackers to execute arbitrary code via a negative signed integer, which triggers insufficient memory allocation and a buffer overflow.

Weakness

When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur.

Affected Software

Name Vendor Start Version End Version
Python Python 2.4.0 *
Python Python 2.5.0 2.5.2

Potential Mitigations

References