CVE-2008-2316

Integer overflow in _hashopenssl.c in the hashlib module in Python 2.5.2 and earlier might allow context-dependent attackers to defeat cryptographic digests, related to "partial hashlib hashing of data exceeding 4GB."

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://bugs.gentoo.org/attachment.cgi?id=159422&action=view	Exploit
http://bugs.gentoo.org/show_bug.cgi?id=230640	Third Party Advisory
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html	Mailing List
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html	Third Party Advisory
http://secunia.com/advisories/31305	Broken Link
http://secunia.com/advisories/31332	Broken Link
http://secunia.com/advisories/31358	Broken Link
http://secunia.com/advisories/31365	Broken Link
http://secunia.com/advisories/31473	Broken Link
http://secunia.com/advisories/31518	Broken Link
http://secunia.com/advisories/31687	Broken Link
http://secunia.com/advisories/33937	Broken Link
http://security.gentoo.org/glsa/glsa-200807-16.xml	Third Party Advisory
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.525289	Third Party Advisory
http://support.apple.com/kb/HT3438	Third Party Advisory
http://wiki.rpath.com/Advisories:rPSA-2008-0243	Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:163	Third Party Advisory
http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5032900	Third Party Advisory
http://www.securityfocus.com/archive/1/495445/100/0/threaded	Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/30491	Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/usn-632-1	Third Party Advisory
http://www.vupen.com/english/advisories/2008/2288	Broken Link Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/44173	VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/44174	VDB Entry

Configurations

Configuration 1 (hide)

cpe:2.3:a:python:python:*:*:*:*:*:*:*:*

History

02 Aug 2023, 18:52

Type	Values Removed	Values Added
First Time		Python Python python
References	~~(SECUNIA) http://secunia.com/advisories/31358 -~~	(SECUNIA) http://secunia.com/advisories/31358 - Broken Link
References	~~(CONFIRM) http://wiki.rpath.com/Advisories:rPSA-2008-0243 -~~	(CONFIRM) http://wiki.rpath.com/Advisories:rPSA-2008-0243 - Third Party Advisory
References	~~(GENTOO) http://security.gentoo.org/glsa/glsa-200807-16.xml -~~	(GENTOO) http://security.gentoo.org/glsa/glsa-200807-16.xml - Third Party Advisory
References	~~(VUPEN) http://www.vupen.com/english/advisories/2008/2288 -~~	(VUPEN) http://www.vupen.com/english/advisories/2008/2288 - Broken Link, Third Party Advisory
References	~~(XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/44174 -~~	(XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/44174 - VDB Entry
References	~~(BUGTRAQ) http://www.securityfocus.com/archive/1/495445/100/0/threaded -~~	(BUGTRAQ) http://www.securityfocus.com/archive/1/495445/100/0/threaded - Third Party Advisory, VDB Entry
References	~~(BID) http://www.securityfocus.com/bid/30491 -~~	(BID) http://www.securityfocus.com/bid/30491 - Third Party Advisory, VDB Entry
References	~~(SECUNIA) http://secunia.com/advisories/31332 -~~	(SECUNIA) http://secunia.com/advisories/31332 - Broken Link
References	~~(CONFIRM) http://bugs.gentoo.org/show_bug.cgi?id=230640 -~~	(CONFIRM) http://bugs.gentoo.org/show_bug.cgi?id=230640 - Third Party Advisory
References	~~(UBUNTU) http://www.ubuntu.com/usn/usn-632-1 -~~	(UBUNTU) http://www.ubuntu.com/usn/usn-632-1 - Third Party Advisory
References	~~(CONFIRM) http://support.apple.com/kb/HT3438 -~~	(CONFIRM) http://support.apple.com/kb/HT3438 - Third Party Advisory
References	~~(SUSE) http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html -~~	(SUSE) http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html - Third Party Advisory
References	~~(CONFIRM) http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5032900 -~~	(CONFIRM) http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5032900 - Third Party Advisory
References	~~(SECUNIA) http://secunia.com/advisories/31473 -~~	(SECUNIA) http://secunia.com/advisories/31473 - Broken Link
References	~~(SLACKWARE) http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.525289 -~~	(SLACKWARE) http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.525289 - Third Party Advisory
References	~~(SECUNIA) http://secunia.com/advisories/33937 -~~	(SECUNIA) http://secunia.com/advisories/33937 - Broken Link
References	~~(MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2008:163 -~~	(MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2008:163 - Third Party Advisory
References	~~(SECUNIA) http://secunia.com/advisories/31687 -~~	(SECUNIA) http://secunia.com/advisories/31687 - Broken Link
References	~~(SECUNIA) http://secunia.com/advisories/31365 -~~	(SECUNIA) http://secunia.com/advisories/31365 - Broken Link
References	~~(APPLE) http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html -~~	(APPLE) http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html - Mailing List
References	~~(XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/44173 -~~	(XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/44173 - VDB Entry
References	~~(SECUNIA) http://secunia.com/advisories/31518 -~~	(SECUNIA) http://secunia.com/advisories/31518 - Broken Link
References	~~(SECUNIA) http://secunia.com/advisories/31305 -~~	(SECUNIA) http://secunia.com/advisories/31305 - Broken Link
CPE	cpe:2.3:a:python_software_foundation:python:2.5.1:::::::* cpe:2.3:a:python_software_foundation:python:2.1.3:::::::* cpe:2.3:a:python_software_foundation:python:2.4.5:::::::* cpe:2.3:a:python_software_foundation:python:2.2.3:::::::* cpe:2.3:a:python_software_foundation:python:1.5.2:::::::* cpe:2.3:a:python_software_foundation:python:1.6.1:::::::* cpe:2.3:a:python_software_foundation:python:2.3.7:::::::* cpe:2.3:a:python_software_foundation:python:2.5.2:::::::* cpe:2.3:a:python_software_foundation:python:2.0.1:::::::*	cpe:2.3:a:python:python::::::::

Information

Published : 2008-08-01 14:41

Updated : 2023-12-10 10:51

NVD link : CVE-2008-2316

Mitre link : CVE-2008-2316

CVE.ORG link : CVE-2008-2316

JSON object : View

Products Affected

python

python

CWE

CWE-189

Numeric Errors

{"id": "CVE-2008-2316", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": true, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2008-08-01T14:41:00.000", "references": [{"url": "http://bugs.gentoo.org/attachment.cgi?id=159422&action=view", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://bugs.gentoo.org/show_bug.cgi?id=230640", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html", "tags": ["Mailing List"], "source": "cve@mitre.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/31305", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/31332", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/31358", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/31365", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/31473", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/31518", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/31687", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/33937", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://security.gentoo.org/glsa/glsa-200807-16.xml", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.525289", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://support.apple.com/kb/HT3438", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://wiki.rpath.com/Advisories:rPSA-2008-0243", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:163", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5032900", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/495445/100/0/threaded", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/30491", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://www.ubuntu.com/usn/usn-632-1", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2008/2288", "tags": ["Broken Link", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44173", "tags": ["VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44174", "tags": ["VDB Entry"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-189"}]}], "descriptions": [{"lang": "en", "value": "Integer overflow in _hashopenssl.c in the hashlib module in Python 2.5.2 and earlier might allow context-dependent attackers to defeat cryptographic digests, related to \"partial hashlib hashing of data exceeding 4GB.\""}, {"lang": "es", "value": "Desbordamiento de entero en _hashopenssl.c en el m\u00f3dulo hashlib en Python 2.5.2 y anteriores. Podr\u00eda permitir a atacantes dependientes del contexto vencer res\u00famenes criptogr\u00e1ficos, relativos a \"comprobaci\u00f3n parcial hashlib de datos que exceden de 4GB.\""}], "lastModified": "2023-08-02T18:52:37.870", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9E0806D1-04EA-492A-8587-1886F47ECC80", "versionEndIncluding": "2.5.2"}], "operator": "OR"}]}], "vendorComments": [{"comment": "Not vulnerable. This issue did not affect the versions of python as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. Affected module was only introduced upstream in python 2.5.", "lastModified": "2008-08-04T00:00:00", "organization": "Red Hat"}], "sourceIdentifier": "cve@mitre.org"}