Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

Unknown

Privileges Required

Unknown

Attack Vector

Unknown

0

CVE-2007-2052

Disclosure Date: April 16, 2007 •

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Off-by-one error in the PyLocale_strxfrm function in Modules/_localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer size to be used for the strxfrm function, which allows context-dependent attackers to read portions of memory via unknown manipulations that trigger a buffer over-read due to missing null termination.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

None

Impact Score:

Unknown

Exploitability Score:

Unknown

Vector:

Attack Vector (AV):

Unknown

Attack Complexity (AC):

Unknown

Privileges Required (PR):

Unknown

User Interaction (UI):

Unknown

Scope (S):

Unknown

Confidentiality (C):

Unknown

Integrity (I):

Unknown

Availability (A):

Unknown

Vendors

python

Products

python 2.4.0,
python 2.5.0

References

Canonical

CVE-2007-2052 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2052)

BID-23887 (http://www.securityfocus.com/bid/23887)

Advisory

[Security-announce] 20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates (http://lists.vmware.com/pipermail/security-announce/2008/000005.html)

SECUNIA-28050 (http://secunia.com/advisories/28050)

SECUNIA-25190 (http://secunia.com/advisories/25190)

SECUNIA-25217 (http://secunia.com/advisories/25217)

SECUNIA-37471 (http://secunia.com/advisories/37471)

http://www.python.org/download/releases/2.5.1/NEWS.txt

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=416934

DSA-1551 (http://www.debian.org/security/2008/dsa-1551)

http://www.vmware.com/security/advisories/VMSA-2009-0016.html

SECUNIA-29303 (http://secunia.com/advisories/29303)

ADV-2007-1465 (http://www.vupen.com/english/advisories/2007/1465)

SECUNIA-29032 (http://secunia.com/advisories/29032)

SECUNIA-31492 (http://secunia.com/advisories/31492)

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8353

20070521 FLEA-2007-0019-1: python (http://www.securityfocus.com/archive/1/469294/30/6450/threaded)

http://www.redhat.com/support/errata/RHSA-2008-0629.html

http://www.redhat.com/support/errata/RHSA-2007-1077.html

20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates (http://www.securityfocus.com/archive/1/488457/100/0/threaded)

http://www.redhat.com/support/errata/RHSA-2007-1076.html

20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components (http://www.securityfocus.com/archive/1/507985/100/0/threaded)

ADV-2008-0637 (http://www.vupen.com/english/advisories/2008/0637)

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235093

SECUNIA-25353 (http://secunia.com/advisories/25353)

SECUNIA-25233 (http://secunia.com/advisories/25233)

https://issues.rpath.com/browse/RPL-1358

USN-585-1 (http://www.ubuntu.com/usn/usn-585-1)

SECUNIA-28027 (http://secunia.com/advisories/28027)

http://www.novell.com/linux/security/advisories/2007_13_sr.html

SECUNIA-31255 (http://secunia.com/advisories/31255)

DSA-1620 (http://www.debian.org/security/2008/dsa-1620)

SECUNIA-25787 (http://secunia.com/advisories/25787)

XF-python-localemodule-information-disclosure(34060) (https://exchange.xforce.ibmcloud.com/vulnerabilities/34060)

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11716

ADV-2009-3316 (http://www.vupen.com/english/advisories/2009/3316)

http://www.mandriva.com/security/advisories?name=MDKSA-2007:099

SECUNIA-29889 (http://secunia.com/advisories/29889)

Miscellaneous

2007-0019 (http://www.trustix.org/errata/2007/0019)

Rapid7

Technical Analysis