FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

python -- Integer Signedness Error in zlib Module

Affected packages
python23 < 2.3.6_1
python24 < 2.4.5_1
python25 < 2.5.2_2

Details

VuXML ID ec41c3e2-129c-11dd-bab7-0016179b2dd5
Discovery 2008-04-10
Entry 2008-04-25
Modified 2008-04-28

Justin Ferguson reports:

Integer signedness error in the zlib extension module in Python 2.5.2 and earlier allows remote attackers to execute arbitrary code via a negative signed integer, which triggers insufficient memory allocation and a buffer overflow.
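
The failure mode named in the report, a negative signed length that yields an undersized allocation next to a very large unsigned write limit, shown as an added C example. It is a constructed model, not code from Python's zlib module or from this advisory; `struct outbuf`, `unchecked_alloc_size`, `unchecked_capacity` and `outbuf_new` are hypothetical names.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed model of an output buffer: fixed header plus payload. */
struct outbuf {
    size_t capacity;       /* bytes a producer is told it may write */
    unsigned char data[];  /* payload follows the header */
};

/* Size an unchecked caller would request from malloc(): header plus a
 * signed length converted to size_t. Only the arithmetic is modelled;
 * nothing is allocated or written here. */
size_t unchecked_alloc_size(int length)
{
    return sizeof(struct outbuf) + (size_t)length;
}

/* Write limit the same unchecked caller would pass to a producer that
 * takes an unsigned count: a negative length becomes a huge value. */
unsigned int unchecked_capacity(int length)
{
    return (unsigned int)length;
}

/* Hardened form: validate the signed value before any size arithmetic. */
struct outbuf *outbuf_new(int length)
{
    if (length <= 0)
        return NULL;                      /* reject negative and zero */
    if ((size_t)length > SIZE_MAX - sizeof(struct outbuf))
        return NULL;                      /* header + length would wrap */
    struct outbuf *b = malloc(sizeof(*b) + (size_t)length);
    if (b != NULL)
        b->capacity = (size_t)length;
    return b;
}

int main(void)
{
    int length = 4 - (int)sizeof(struct outbuf);  /* constructed negative input */
    printf("requested length : %d\n", length);
    printf("unchecked malloc : %zu bytes\n", unchecked_alloc_size(length));
    printf("unchecked limit  : %u bytes\n", unchecked_capacity(length));
    printf("hardened result  : %s\n", outbuf_new(length) ? "allocated" : "rejected");
    return 0;
}
```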

References

Bugtraq ID 28715
CVE Name CVE-2008-1721
URL http://bugs.python.org/issue2586
URL http://securityreason.com/securityalert/3802