漏洞信息详情

Python zlib模块数字错误漏洞

• CNNVD编号：CNNVD-200804-140
• 危害等级： 中危
  
• CVE编号： CVE-2008-1721
• 漏洞类型： 数字错误
• 发布时间： 2008-04-10
• 威胁类型： 远程
• 更新时间： 2022-07-06
• 厂        商： python_software_foundation
• 漏洞来源： Justin Ferguson jf...

漏洞简介

Python是Python软件基金会的一套开源的、面向对象的程序设计语言。该语言具有可扩展、支持模块和包、支持多种平台等特点。

Python的zlib扩展模块中用于flush解压流的方式获取一个输入参数来确定应flush多少数据。这个参数是一个有符型整数，没有经过过滤检查，因此如果传送了负值的话就会导致错误的内存分配，然后有符型整数会被转换为无符整数，触发缓冲区溢出。

漏洞公告

目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：

http://svn.python.org/view?rev=62235&view=rev

参考网址

来源:CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple

链接:http://lists.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/archives/security-announce/2009/Feb/msg00000.HTML

来源:BID

链接:https://www.securityfocus.com/bid/28715

来源:CONFIRM

链接:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0149

来源:SECUNIA

链接:http://secunia.com/advisories/29889

来源:CONFIRM

链接:https://www.vmware.com/security/advisories/VMSA-2009-0016.HTML

来源:SECUNIA

链接:http://secunia.com/advisories/37471

来源:CONFIRM

链接:http://support.avaya.com/CSS/P8/documents/100074697

来源:DEBIAN

链接:https://www.debian.org/security/2008/dsa-1551

来源:SECUNIA

链接:http://secunia.com/advisories/31365

来源:SECUNIA

链接:http://secunia.com/advisories/30872

来源:OVAL

链接:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8494

来源:BUGTRAQ

链接:http://www.securityfocus.com/archive/1/490690/100/0/threaded

来源:MANDRIVA

链接:http://www.mandriva.com/security/advisories?name=MDVSA-2008:085

来源:SECUNIA

链接:http://secunia.com/advisories/29955

来源:OVAL

链接:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9407

来源:CONFIRM

链接:https://issues.rpath.com/browse/RPL-2444

来源:VUPEN

链接:http://www.vupen.com/english/advisories/2008/1229/references

来源:SECUNIA

链接:http://secunia.com/advisories/38675

来源:SLACKWARE

链接:http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.525289

来源:SECUNIA

链接:http://secunia.com/advisories/31255

来源:SECTRACK

链接:http://www.securitytracker.com/id?1019823

来源:CONFIRM

链接:http://support.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/kb/HT3438

来源:SECUNIA

链接:http://secunia.com/advisories/31358

来源:DEBIAN

链接:https://www.debian.org/security/2008/dsa-1620

来源:BUGTRAQ

链接:http://www.securityfocus.com/archive/1/507985/100/0/threaded

来源:SREASON

链接:http://securityreason.com/securityalert/3802

来源:UBUNTU

链接:http://www.ubuntu.com/usn/usn-632-1

来源:OVAL

链接:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8249

来源:CONFIRM

链接:http://bugs.python.org/issue2586

来源:XF

链接:https://exchange.xforce.ibmcloud.com/vulnerabilities/41748

来源:SECUNIA

链接:http://secunia.com/advisories/33937

来源:GENTOO

链接:http://security.gentoo.org/glsa/glsa-200807-01.xml

来源:VUPEN

链接:http://www.vupen.com/english/advisories/2009/3316

来源:www.suse.com

链接:https://www.suse.com/support/update/announcement/2020/suse-su-20200234-1.HTML

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2020.0296/

受影响实体

• Python_software_foundation Python:2.5.2  

补丁

暂无