Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 10 Apr 2008 14:38:52 -0400 (EDT)
From: "Steven M. Christey" <>
To: Jonathan Smith <>
        "Steven M. Christey" <>
Subject: Re: buffer overflow in Python zlib extension module


Name: CVE-2008-1721
Status: Candidate
Reference: BUGTRAQ:20080409 IOActive Security Advisory: Buffer overflow in Python zlib extension module
Reference: URL:
Reference: CONFIRM:
Reference: BID:28715
Reference: URL:

Integer signedness error in the zlib extension module in Python 2.5.2
and earlier allows remote attackers to execute arbitrary code via a
negative signed integer, which triggers insufficient memory allocation
and a buffer overflow.

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.