CVE-2008-1721
HIGH severity · CVSS 7.5 · CWE-681
7.5CVSS HIGH
Summary
Integer signedness error in the zlib extension module in Python 2.5.2 and earlier allows remote attackers to execute arbitrary code via a negative signed integer, which triggers insufficient memory allocation and a buffer overflow.
Impact & exploitability
Attack vectorNetwork
Attack complexityLow
Privileges required—
User interaction—
Confidentiality impact—
Integrity impact—
Availability impact—
Exploit probability (EPSS)23%
AV:N/AC:L/Au:N/C:P/I:P/A:P
Recommendation
Apply the vendor fix promptly. Open any affected product above for its exact safe version.
Additional information
- NVD record
- http://bugs.python.org/issue2586Advisory
- http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.htmlAdvisory
- http://secunia.com/advisories/29889
- http://secunia.com/advisories/29955
- http://secunia.com/advisories/30872
- http://secunia.com/advisories/31255
- http://secunia.com/advisories/31358
- http://secunia.com/advisories/31365