expandtabs() integer overflow

Warning

This resource is maintained for historical reference and does not contain the latest vulnerability info for Python.

The canonical database for vulnerabilities affecting Python is available on GitHub in the Open Source Vulnerability (OSV) format. This vulnerability can be viewed online at the Open Source Vulnerability Database.

Multiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6, allow context-dependent attackers to have an unknown impact via a large integer value in the tabsize argument to the expandtabs method, as implemented by:

  • the string_expandtabs() function in Objects/stringobject.c
  • the unicode_expandtabs() function in Objects/unicodeobject.c

NOTE: this vulnerability reportedly exists because of an incomplete fix for CVE-2008-2315.
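The bug class described above, shown as an added example: a simplified model of a tab-expansion sizing pass, not the CPython source. The function names, the `LEN_MAX` limit and the 32-bit unsigned counters (chosen so the wraparound is well defined in C) are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Assumption: models a 32-bit signed length limit (a PY_SSIZE_T_MAX analogue). */
#define LEN_MAX ((uint32_t)INT32_MAX)

/* Unchecked sizing pass: the running total wraps silently modulo 2^32. */
uint32_t expanded_len_unchecked(const char *s, size_t n, uint32_t tabsize)
{
    uint32_t total = 0, col = 0;
    for (size_t k = 0; k < n; k++) {
        uint32_t pad = 1;                       /* ordinary byte: one column */
        if (s[k] == '\t')
            pad = tabsize > 0 ? tabsize - (col % tabsize) : 0;
        total += pad;                           /* no bound check */
        col = (s[k] == '\n' || s[k] == '\r') ? 0 : col + pad;
    }
    return total;
}

/* Checked sizing pass: refuse before any addition can exceed LEN_MAX. */
int expanded_len_checked(const char *s, size_t n, uint32_t tabsize, uint32_t *out)
{
    uint32_t total = 0, col = 0;
    for (size_t k = 0; k < n; k++) {
        uint32_t pad = 1;
        if (s[k] == '\t')
            pad = tabsize > 0 ? tabsize - (col % tabsize) : 0;
        if (pad > LEN_MAX - total)              /* would overflow: reject */
            return -1;
        total += pad;                           /* col <= total, so col is safe too */
        col = (s[k] == '\n' || s[k] == '\r') ? 0 : col + pad;
    }
    *out = total;
    return 0;
}

int main(void)
{
    const char constructed[] = "\t\t\t\tAB";    /* constructed sample input */
    uint32_t len = 0;
    printf("unchecked length: %u\n",
           (unsigned)expanded_len_unchecked(constructed, 6, 1u << 30));
    printf("checked rc: %d\n", expanded_len_checked(constructed, 6, 1u << 30, &len));
    return 0;
}
```

With a tab size of 2^30, four tabs wrap the unchecked total back to zero, so a buffer sized from it would be far smaller than the expanded text; the checked pass rejects the input at the second tab.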

Dates:

  • Disclosure date: 2008-03-11 (commit date)
  • Reported by: Chris Evans

Fixed In

CVE-2008-5031

Multiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6, allow context-dependent attackers to have an unknown impact via a large integer value in the tabsize argument to the expandtabs method, as implemented by (1) the string_expandtabs function in Objects/stringobject.c and (2) the unicode_expandtabs function in Objects/unicodeobject.c. NOTE: this vulnerability reportedly exists because of an incomplete fix for CVE-2008-2315.

Timeline

Timeline using the disclosure date 2008-03-11 as reference: