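Vulnerability Details
Python zlib Module Numeric Error Vulnerability
- CNNVD ID: CNNVD-200804-140
- Severity: Medium
- CVE ID: CVE-2008-1721
- Vulnerability type: Numeric error
- Published: 2008-04-10
- Threat type: Remote
- Updated: 2022-07-06
- Vendor: python_software_foundation
- Vulnerability source: Justin Ferguson jf...
Vulnerability Summary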
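Python is an open-source, object-oriented programming language from the Python Software Foundation. The language is extensible, supports modules and packages, and runs on many platforms.
The method used to flush a decompression stream in Python's zlib extension module takes an input parameter that determines how much data should be flushed. This parameter is a signed integer and is not validated, so passing a negative value leads to an incorrect memory allocation; the signed integer is then converted to an unsigned integer, which triggers a buffer overflow.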
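The following C sketch is an added example, not the zlib module's source or the vendor patch. It shows what a negative signed length becomes once it is treated as an unsigned size, and a validation step that rejects it before any allocation. The function names and the `max_len` cap are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* What a signed length turns into when it is used as an unsigned size
 * (an allocation size or a copy count). */
size_t as_unsigned_size(int length)
{
    return (size_t)length;
}

/* Hypothetical hardened check: validate the caller-supplied length while
 * it is still signed. Returns 0 and stores the size on success, -1 if
 * the value is rejected. max_len is an assumed application limit. */
int checked_flush_length(long length, size_t max_len, size_t *out)
{
    if (length <= 0)
        return -1;                      /* negative or zero: reject */
    if ((unsigned long)length > max_len)
        return -1;                      /* larger than the allowed cap */
    *out = (size_t)length;
    return 0;
}

/* Allocate the output buffer only after the length has passed the check. */
unsigned char *alloc_flush_buffer(long length, size_t max_len, size_t *out_len)
{
    size_t n;
    if (checked_flush_length(length, max_len, &n) != 0)
        return NULL;
    unsigned char *buf = calloc(1, n);
    if (buf != NULL)
        *out_len = n;
    return buf;
}

int main(void)
{
    size_t n = 0;
    /* Constructed inputs: -1 as an unsigned size, then the same value
     * passed through the check. */
    printf("(size_t)-1 = %zu\n", as_unsigned_size(-1));
    printf("check(-1)    = %d\n", checked_flush_length(-1, 1u << 20, &n));
    printf("check(16384) = %d\n", checked_flush_length(16384, 1u << 20, &n));
    return 0;
}
```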
Vulnerability Advisory
The vendor has released a patch that fixes this security issue. Download it from the vendor's site:
http://svn.python.org/view?rev=62235&view=rev
References
Source: Apple
Link: http://lists.Apple.com/archives/security-announce/2009/Feb/msg00000.HTML
Source: BID
Link: https://www.securityfocus.com/bid/28715
Source: CONFIRM
Link: http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0149
Source: SECUNIA
Link: http://secunia.com/advisories/29889
Source: CONFIRM
Link: https://www.vmware.com/security/advisories/VMSA-2009-0016.HTML
Source: SECUNIA
Link: http://secunia.com/advisories/37471
Source: CONFIRM
Link: http://support.avaya.com/CSS/P8/documents/100074697
Source: DEBIAN
Link: https://www.debian.org/security/2008/dsa-1551
Source: SECUNIA
Link: http://secunia.com/advisories/31365
Source: SECUNIA
Link: http://secunia.com/advisories/30872
Source: OVAL
Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8494
Source: BUGTRAQ
Link: http://www.securityfocus.com/archive/1/490690/100/0/threaded
Source: MANDRIVA
Link: http://www.mandriva.com/security/advisories?name=MDVSA-2008:085
Source: SECUNIA
Link: http://secunia.com/advisories/29955
Source: OVAL
Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9407
Source: CONFIRM
Link: https://issues.rpath.com/browse/RPL-2444
Source: VUPEN
Link: http://www.vupen.com/english/advisories/2008/1229/references
Source: SECUNIA
Link: http://secunia.com/advisories/38675
Source: SLACKWARE
Link: http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.525289
Source: SECUNIA
Link: http://secunia.com/advisories/31255
Source: SECTRACK
Link: http://www.securitytracker.com/id?1019823
Source: CONFIRM
Link: http://support.Apple.com/kb/HT3438
Source: SECUNIA
Link: http://secunia.com/advisories/31358
Source: DEBIAN
Link: https://www.debian.org/security/2008/dsa-1620
Source: BUGTRAQ
Link: http://www.securityfocus.com/archive/1/507985/100/0/threaded
Source: SREASON
Link: http://securityreason.com/securityalert/3802
Source: UBUNTU
Link: http://www.ubuntu.com/usn/usn-632-1
Source: OVAL
Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8249
Source: CONFIRM
Link: http://bugs.python.org/issue2586
Source: XF
Link: https://exchange.xforce.ibmcloud.com/vulnerabilities/41748
Source: SECUNIA
Link: http://secunia.com/advisories/33937
Source: GENTOO
Link: http://security.gentoo.org/glsa/glsa-200807-01.xml
Source: VUPEN
Link: http://www.vupen.com/english/advisories/2009/3316
Source: www.suse.com
Link: https://www.suse.com/support/update/announcement/2020/suse-su-20200234-1.HTML
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2020.0296/
Affected Products
- Python_software_foundation Python:2.5.2
Patch
None available