expandtab() integer overflow
Warning
This resource is maintained for historical reference and does not contain the latest vulnerability info for Python.
The canonical database for vulnerabilities affecting Python is available on GitHub in the Open Source Vulnerability (OSV) format. This vulnerability can be viewed online at the Open Source Vulnerability Database.
Multiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6, allow context-dependent attackers to have an unknown impact via a large integer value in the tabsize argument to the expandtabs method, as implemented by:
- the string_expandtabs() function in Objects/stringobject.c
- the unicode_expandtabs() function in Objects/unicodeobject.c
NOTE: this vulnerability reportedly exists because of an incomplete fix for CVE-2008-2315.
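The defect class here is an unchecked accumulator: the expanded-length computation adds tabsize-derived increments to a signed size and, with a sufficiently large tabsize, the sum wraps before the output buffer is sized. The following C routine is an added example, not code from this page or from CPython, that computes the expanded length with every addition checked against PTRDIFF_MAX (standing in for PY_SSIZE_T_MAX) and refuses to allocate when the length would overflow; the function names, the use of ptrdiff_t, and the sample inputs are all assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not CPython code: the length a tab-expanded copy of
 * s[0..len) would need.  Every addition is checked against PTRDIFF_MAX
 * (assumed stand-in for PY_SSIZE_T_MAX).  Returns 0 and stores the
 * length in *out, or -1 if the length would overflow. */
int expandtabs_length(const char *s, ptrdiff_t len, ptrdiff_t tabsize,
                      ptrdiff_t *out)
{
    ptrdiff_t i = 0;   /* bytes in completed lines */
    ptrdiff_t j = 0;   /* column on the current line */

    for (ptrdiff_t k = 0; k < len; k++) {
        char c = s[k];
        if (c == '\t') {
            if (tabsize > 0) {
                ptrdiff_t incr = tabsize - (j % tabsize);
                /* An unchecked "j += incr" is where a huge tabsize wraps. */
                if (j > PTRDIFF_MAX - incr)
                    return -1;
                j += incr;
            }
        } else {
            if (j == PTRDIFF_MAX)
                return -1;
            j++;
            if (c == '\n' || c == '\r') {
                if (i > PTRDIFF_MAX - j)
                    return -1;
                i += j;
                j = 0;
            }
        }
    }
    if (i > PTRDIFF_MAX - j)
        return -1;
    *out = i + j;
    return 0;
}

/* Expands tabs into a freshly malloc'd NUL-terminated string whose size
 * comes from the checked length above.  Returns NULL if the size would
 * overflow or allocation fails; the caller frees the result.
 * A tabsize <= 0 drops tabs, matching str.expandtabs(0). */
char *expandtabs_safe(const char *s, ptrdiff_t len, ptrdiff_t tabsize)
{
    ptrdiff_t total;
    if (expandtabs_length(s, len, tabsize, &total) != 0)
        return NULL;                      /* would overflow: refuse */
    char *out = malloc((size_t)total + 1);
    if (out == NULL)
        return NULL;

    ptrdiff_t j = 0, pos = 0;
    for (ptrdiff_t k = 0; k < len; k++) {
        char c = s[k];
        if (c == '\t') {
            if (tabsize > 0) {
                ptrdiff_t incr = tabsize - (j % tabsize);
                j += incr;
                while (incr-- > 0)
                    out[pos++] = ' ';
            }
        } else {
            out[pos++] = c;
            j++;
            if (c == '\n' || c == '\r')
                j = 0;
        }
    }
    out[pos] = '\0';
    return out;
}

int main(void)
{
    /* Constructed inputs: an ordinary string and a pathological tabsize. */
    char *r = expandtabs_safe("a\tb", 3, 8);
    printf("expanded: \"%s\"\n", r ? r : "(rejected)");
    free(r);

    ptrdiff_t n;
    int rc = expandtabs_length("\t\t", 2, PTRDIFF_MAX, &n);
    printf("two tabs with tabsize PTRDIFF_MAX: %s\n",
           rc == 0 ? "accepted" : "rejected as overflow");
    return 0;
}
```

The check `j > PTRDIFF_MAX - incr` is evaluated before the addition, so it never itself overflows; the second pass over the input can then add without checks because the first pass has already proven that every intermediate sum fits. Reviewing size computations for exactly this pattern (an accumulator fed by a caller-controlled parameter, checked only after the fact or not at all) is the general lesson of the advisory.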
Dates:
- Disclosure date: 2008-03-11 (commit date)
- Reported by: Chris Evans
Fixed In
- Python 2.5.3 (2008-12-19) fixed by commit 44a93e5 (branch 2.5) (2008-03-11)
- Python 2.6.0 (2008-10-01) fixed by commit 5bdff60 (branch 2.6) (2008-03-11)
- Python 3.0.0 (2008-12-03) fixed by commit dd15f6c (branch 3.0) (2008-03-16)
CVE-2008-5031
Multiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6, allow context-dependent attackers to have an unknown impact via a large integer value in the tabsize argument to the expandtabs method, as implemented by (1) the string_expandtabs function in Objects/stringobject.c and (2) the unicode_expandtabs function in Objects/unicodeobject.c. NOTE: this vulnerability reportedly exists because of an incomplete fix for CVE-2008-2315.
- CVE ID: CVE-2008-5031
- Published: 2008-11-10
- CVSS Score: 10.0
Timeline
Timeline using the disclosure date 2008-03-11 as reference:
- 2008-03-11: Disclosure date (commit date)
- 2008-03-11: commit 44a93e5 (branch 2.5)
- 2008-03-11: commit 5bdff60 (branch 2.6)
- 2008-03-16 (+5 days): commit dd15f6c (branch 3.0)
- 2008-10-01: Python 2.6.0 released
- 2008-11-10 (+244 days): CVE-2008-5031 published
- 2008-12-03: Python 3.0.0 released
- 2008-12-19 (+283 days): Python 2.5.3 released