CVE-2007-2052

Off-by-one error in the PyLocale_strxfrm function in Modules/_localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer size to be used for the strxfrm function, which allows context-dependent attackers to read portions of memory via unknown manipulations that trigger a buffer over-read due to missing null termination.

🔗 References (76)

• cve@mitrehttp://bugs.debian.org/cgi-bin/bugreport.cgi?bug=416934
• cve@mitrehttp://lists.vmware.com/pipermail/security-announce/2008/000005.html
• cve@mitrehttp://secunia.com/advisories/25190
• cve@mitrehttp://secunia.com/advisories/25217
• cve@mitrehttp://secunia.com/advisories/25233
• cve@mitrehttp://secunia.com/advisories/25353
• cve@mitrehttp://secunia.com/advisories/25787
• cve@mitrehttp://secunia.com/advisories/28027
• cve@mitrehttp://secunia.com/advisories/28050
• cve@mitrehttp://secunia.com/advisories/29032
• cve@mitrehttp://secunia.com/advisories/29303
• cve@mitrehttp://secunia.com/advisories/29889
• cve@mitrehttp://secunia.com/advisories/31255
• cve@mitrehttp://secunia.com/advisories/31492
• cve@mitrehttp://secunia.com/advisories/37471