CVE-2008-2316

Description

Integer overflow in _hashopenssl.c in the hashlib module in Python 2.5.2 and earlier might allow context-dependent attackers to defeat cryptographic digests, related to partial hashlib hashing of data exceeding 4GB.

Risk Information

Base Score

9.1

MODERATE

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

EPSS Score

Exploitation Probability

1.692

Associated Vulnerability

Vulnerability	OS Platform
Multiple vulnerabilities affected in Python 2.5.2	Windows
Multiple Vulnerabilities are affected in Python for MAC 1.5.2	Mac
Multiple Vulnerabilities are affected in Python for MAC 1.6.1	Mac
Multiple Vulnerabilities are affected in Python for MAC 2.0.1	Mac
Multiple Vulnerabilities are affected in Python for MAC 2.1.3	Mac
Multiple Vulnerabilities are affected in Python for MAC 2.2.3	Mac
Multiple Vulnerabilities are affected in Python for MAC 2.5.1	Mac
Multiple Vulnerabilities are affected in Python for MAC 2.5.2	Mac
Multiple Vulnerabilities are affected in Python for MAC 2.3.7	Mac
Vulnerabilities CVE-2008-2315,CVE-2008-2316,CVE-2008-3142,CVE-2008-3144 are affected in Python for MAC 2.4.5	Mac
Vulnerabilities CVE-2008-2315,CVE-2008-2316,CVE-2008-3142,CVE-2008-3144 are affected in Python for MAC 2.4.5	Mac

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-611773	Python for MAC 3.13.7
PATCH-611773	Python for MAC 3.13.7
PATCH-611773	Python for MAC 3.13.7
PATCH-611773	Python for MAC 3.13.7
PATCH-611773	Python for MAC 3.13.7
PATCH-611773	Python for MAC 3.13.7
PATCH-611773	Python for MAC 3.13.7
PATCH-611773	Python for MAC 3.13.7
PATCH-611773	Python for MAC 3.13.7
PATCH-611773	Python for MAC 3.13.7

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234