CVE-2008-5031: expandtab() integer overflow

Multiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6, allow context-dependent attackers to have an unknown impact via a large integer value in the tabsize argument to the expandtabs method, as implemented by:

  • the string_expandtabs() function in Objects/stringobject.c
  • the unicode_expandtabs() function in Objects/unicodeobject.c

NOTE: this vulnerability reportedly exists because of an incomplete fix for CVE-2008-2315.

  • Disclosure date: 2008-03-11 (commit date)
  • Reported by: Chris Evans

Fixed In

CVE-2008-5031

Multiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6, allow context-dependent attackers to have an unknown impact via a large integer value in the tabsize argument to the expandtabs method, as implemented by (1) the string_expandtabs function in Objects/stringobject.c and (2) the unicode_expandtabs function in Objects/unicodeobject.c. NOTE: this vulnerability reportedly exists because of an incomplete fix for CVE-2008-2315.

Timeline

Timeline using the disclosure date 2008-03-11 as reference: