Date: Thu, 10 Apr 2008 14:38:52 -0400 (EDT) From: "Steven M. Christey" <coley@...us.mitre.org> To: Jonathan Smith <smithj@...ethemallocs.com> cc: oss-security@...ts.openwall.com, "Steven M. Christey" <coley@...us.mitre.org> Subject: Re: buffer overflow in Python zlib extension module Cute. ====================================================== Name: CVE-2008-1721 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1721 Reference: BUGTRAQ:20080409 IOActive Security Advisory: Buffer overflow in Python zlib extension module Reference: URL:http://www.securityfocus.com/archive/1/archive/1/490690/100/0/threaded Reference: CONFIRM:http://bugs.python.org/issue2586 Reference: BID:28715 Reference: URL:http://www.securityfocus.com/bid/28715 Integer signedness error in the zlib extension module in Python 2.5.2 and earlier allows remote attackers to execute arbitrary code via a negative signed integer, which triggers insufficient memory allocation and a buffer overflow.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.