CVE-2008-2316 - Integer overflow in _hashopenssl.c in the hashlib module in Python 2.5.2 and earlier might allow con

CVE-2008-2316

Summary

Integer overflow in _hashopenssl.c in the hashlib module in Python 2.5.2 and earlier might allow context-dependent attackers to defeat cryptographic digests, related to "partial hashlib hashing of data exceeding 4GB."

References

Vulnerable Configurations

cpe:2.3:a:python_software_foundation:python:1.5.2:*:*:*:*:*:*:*
cpe:2.3:a:python_software_foundation:python:1.5.2:*:*:*:*:*:*:*
cpe:2.3:a:python_software_foundation:python:1.6.1:*:*:*:*:*:*:*
cpe:2.3:a:python_software_foundation:python:1.6.1:*:*:*:*:*:*:*
cpe:2.3:a:python_software_foundation:python:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:python_software_foundation:python:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:python_software_foundation:python:2.1.3:*:*:*:*:*:*:*
cpe:2.3:a:python_software_foundation:python:2.1.3:*:*:*:*:*:*:*
cpe:2.3:a:python_software_foundation:python:2.2.3:*:*:*:*:*:*:*
cpe:2.3:a:python_software_foundation:python:2.2.3:*:*:*:*:*:*:*
cpe:2.3:a:python_software_foundation:python:2.3.7:*:*:*:*:*:*:*
cpe:2.3:a:python_software_foundation:python:2.3.7:*:*:*:*:*:*:*
cpe:2.3:a:python_software_foundation:python:2.4.5:*:*:*:*:*:*:*
cpe:2.3:a:python_software_foundation:python:2.4.5:*:*:*:*:*:*:*
cpe:2.3:a:python_software_foundation:python:2.5.1:*:*:*:*:*:*:*
cpe:2.3:a:python_software_foundation:python:2.5.1:*:*:*:*:*:*:*
cpe:2.3:a:python_software_foundation:python:2.5.2:*:*:*:*:*:*:*
cpe:2.3:a:python_software_foundation:python:2.5.2:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 11-10-2018 - 20:40)
Impact:
Exploitability:

CWE

CWE-189

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

apple	APPLE-SA-2009-02-12
bid	30491
bugtraq	20080813 rPSA-2008-0243-1 idle python
confirm	http://bugs.gentoo.org/attachment.cgi?id=159422&action=view http://bugs.gentoo.org/show_bug.cgi?id=230640 http://support.apple.com/kb/HT3438 http://wiki.rpath.com/Advisories:rPSA-2008-0243 http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5032900
gentoo	GLSA-200807-16
mandriva	MDVSA-2008:163
secunia	31305 31332 31358 31365 31473 31518 31687 33937
slackware	SSA:2008-217-01
suse	SUSE-SR:2008:017
ubuntu	USN-632-1
vupen	ADV-2008-2288
xf	python-hashlib-overflow(44174) python-multiple-bo(44173)

statements via4

contributor	Tomas Hoger
lastmodified	2008-08-04
organization	Red Hat
statement	Not vulnerable. This issue did not affect the versions of python as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. Affected module was only introduced upstream in python 2.5.

Last major update

11-10-2018 - 20:40

Published

01-08-2008 - 14:41

Last modified

11-10-2018 - 20:40