CVE-2004-0150
HIGH severity · CVSS 7.5 · Buffer overflow
7.5CVSS HIGH
Summary
Buffer overflow in the getaddrinfo function in Python 2.2 before 2.2.2, when IPv6 support is disabled, allows remote attackers to execute arbitrary code via an IPv6 address that is obtained using DNS.
Impact & exploitability
Attack vectorNetwork
Attack complexityLow
Privileges required—
User interaction—
Confidentiality impact—
Integrity impact—
Availability impact—
Exploit probability (EPSS)5%
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected products we track (1)
Recommendation
Apply the vendor fix promptly. Open any affected product above for its exact safe version.
Official patch: http://www.debian.org/security/2004/dsa-458 ↗
Additional information
- NVD record
- http://www.debian.org/security/2004/dsa-458Patch
- http://www.securityfocus.com/bid/9836Patch
- http://www.gentoo.org/security/en/glsa/glsa-200409-03.xmlAdvisory
- http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:019
- http://www.osvdb.org/4172
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15409