CVE-2008-3143: Multiple integer overflows (Google)

Multiple integer overflows in Python before 2.5.2 might allow context-dependent attackers to have an unknown impact via vectors related to:

  • Include/pymem.h
  • Modules/:
    • _csv.c
    • _struct.c
    • arraymodule.c
    • audioop.c
    • binascii.c
    • cPickle.c
    • cStringIO.c
    • datetimemodule.c
    • md5.c
    • rgbimgmodule.c
    • stropmodule.c
  • Modules/cjkcodecs/multibytecodec.c
  • Objects/:
    • bufferobject.c
    • listobject.c
    • obmalloc.c
  • Parser/node.c
  • Python/:
    • asdl.c
    • ast.c
    • bltinmodule.c
    • compile

as addressed by “checks for integer overflows, contributed by Google.”

  • Disclosure date: 2008-04-11 (Python issue #2620 reported)

Fixed In

Python issue

Multiple buffer overflows in unicode processing.

  • Python issue: issue #2620
  • Creation date: 2008-04-11
  • Reporter: Justin Ferguson

CVE-2008-3143

Multiple integer overflows in Python before 2.5.2 might allow context-dependent attackers to have an unknown impact via vectors related to (1) Include/pymem.h; (2) _csv.c, (3) _struct.c, (4) arraymodule.c, (5) audioop.c, (6) binascii.c, (7) cPickle.c, (8) cStringIO.c, (9) cjkcodecs/multibytecodec.c, (10) datetimemodule.c, (11) md5.c, (12) rgbimgmodule.c, and (13) stropmodule.c in Modules/; (14) bufferobject.c, (15) listobject.c, and (16) obmalloc.c in Objects/; (17) Parser/node.c; and (18) asdl.c, (19) ast.c, (20) bltinmodule.c, and (21) compile.c in Python/, as addressed by “checks for integer overflows, contributed by Google.”

Timeline

Timeline using the disclosure date 2008-04-11 as reference:

  • 2008-04-11: Python issue #2620 reported by Justin Ferguson
  • 2008-07-22 (+102 days): commit 0470bab
  • 2008-07-23 (+103 days): commit d492ad8
  • 2008-07-28 (+108 days): commit 83ac014
  • 2008-08-01 (+112 days): CVE-2008-3143 published
  • 2008-10-01: Python 2.6.0 released
  • 2008-12-03: Python 3.0.0 released
  • 2008-12-19 (+252 days): Python 2.5.3 released