CVE-2008-5031: expandtab() integer overflow

Multiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6, allow context-dependent attackers to have an unknown impact via a large integer value in the tabsize argument to the expandtabs method, as implemented by:

  • the string_expandtabs() function in Objects/stringobject.c
  • the unicode_expandtabs() function in Objects/unicodeobject.c

NOTE: this vulnerability reportedly exists because of an incomplete fix for CVE-2008-2315.

  • Disclosure date: 2008-03-11 (commit date)
  • Reported by: Chris Evans

Fixed In

CVE-2008-5031

Multiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6, allow context-dependent attackers to have an unknown impact via a large integer value in the tabsize argument to the expandtabs method, as implemented by (1) the string_expandtabs function in Objects/stringobject.c and (2) the unicode_expandtabs function in Objects/unicodeobject.c. NOTE: this vulnerability reportedly exists because of an incomplete fix for CVE-2008-2315.

Timeline

Timeline using the disclosure date 2008-03-11 as reference:

  • 2008-03-11: Disclosure date (commit date)
  • 2008-03-11 (+0 days): commit 44a93e5
  • 2008-03-11 (+0 days): commit 5bdff60
  • 2008-03-16 (+5 days): commit dd15f6c
  • 2008-10-01: Python 2.6.0 released
  • 2008-11-10 (+244 days): CVE-2008-5031 published
  • 2008-12-03: Python 3.0.0 released
  • 2008-12-19 (+283 days): Python 2.5.3 released