{"id":"PSF-2008-4","summary":"Multiple integer overflows (Apple)","details":"Multiple integer overflows in Python 2.5.2 and earlier allow context-dependent attackers to have an unknown impact via vectors related to the (1) stringobject, (2) unicodeobject, (3) bufferobject, (4) longobject, (5) tupleobject, (6) stropmodule, (7) gcmodule, and (8) mmapmodule modules.  NOTE: The expandtabs integer overflows in stringobject and unicodeobject in 2.5.2 are covered by CVE-2008-5031.","aliases":["CVE-2008-2315"],"modified":"2025-10-09T01:05:59.207987Z","published":"2008-08-01T14:00:00Z","database_specific":{"cwe_ids":[]},"references":[{"type":"ADVISORY","url":"https://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/python/cpython","events":[{"introduced":"0"},{"fixed":"3ce5d9207e66d61d4b0502cf47ed2d2bcdd2212f"},{"fixed":"e7d8be80ba634fa15ece6f503c33592e0d333361"}]}],"versions":["v0.9.8","v0.9.9","v1.0.1","v1.0.2","v1.1","v1.1.1","v1.2","v1.2b1","v1.2b2","v1.2b3","v1.2b4","v1.3","v1.3b1","v1.4","v1.4b1","v1.4b2","v1.4b3","v1.5","v1.5.1","v1.5.2","v1.5.2a1","v1.5.2a2","v1.5.2b1","v1.5.2b2","v1.5.2c1","v1.5a1","v1.5a2","v1.5a3","v1.5a4","v1.5b1","v1.5b2","v1.6a1","v1.6a2","v2.0","v2.0b1","v2.0b2","v2.0c1","v2.1","v2.1a1","v2.1a2","v2.1b1","v2.1b2","v2.1c1","v2.1c2","v2.2a3","v2.3c1","v2.3c2","v2.4","v2.4a1","v2.4a2","v2.4a3","v2.4b1","v2.4b2","v2.4c1","v3.0a1","v3.0a2","v3.0a3","v3.0a4","v3.0a5","v3.0b1","v3.0b2","v3.0b3"],"database_specific":{"vanir_signatures":[{"digest":{"function_hash":"174941883938551525293027593299939815835","length":415},"signature_version":"v1","id":"PSF-2008-4-023cd85b","deprecated":false,"signature_type":"Function","source":"https://github.com/python/cpython/commit/e7d8be80ba634fa15ece6f503c33592e0d333361","target":{"file":"Objects/bufferobject.c","function":"buffer_repeat"}},{"digest":{"function_hash":"321684392884044464639541453990783282636","length":1424},"signature_version":"v1","id":"PSF-2008-4-02d46701","deprecated":false,"signature_type":"Function","source":"https://github.com/python/cpython/commit/3ce5d9207e66d61d4b0502cf47ed2d2bcdd2212f","target":{"file":"Objects/unicodeobject.c","function":"PyUnicode_EncodeUTF7"}},{"digest":{"threshold":0.9,"line_hashes":["8702355647083151077177442873423762060","256358883385088833455389016186003469947","326799411103538151160876690301753971567","311275300378952926972837736156731396412","104476194792433927328270498414527017167","22045501091258655778172781451807523490","174561224173992234501798392731245714663","288763131729203460931974281812961536469"]},"signature_version":"v1","id":"PSF-2008-4-09317f31","deprecated":false,"signature_type":"Line","source":"https://github.com/python/cpython/commit/e7d8be80ba634fa15ece6f503c33592e0d333361","target":{"file":"Objects/tupleobject.c"}},{"digest":{"function_hash":"201998595693299500705426877827884467764","length":1582},"signature_version":"v1","id":"PSF-2008-4-10d4183a","deprecated":false,"signature_type":"Function","source":"https://github.com/python/cpython/commit/3ce5d9207e66d61d4b0502cf47ed2d2bcdd2212f","target":{"file":"Objects/unicodeobject.c","function":"PyUnicode_EncodeUTF32"}},{"digest":{"function_hash":"35564629393689688197038371558459767632","length":2365},"signature_version":"v1","id":"PSF-2008-4-181ea940","deprecated":false,"signature_type":"Function","source":"https://github.com/python/cpython/commit/3ce5d9207e66d61d4b0502cf47ed2d2bcdd2212f","target":{"file":"Objects/unicodeobject.c","function":"PyUnicode_EncodeUnicodeEscape"}},{"digest":{"function_hash":"295311698603878271357800750879630282759","length":982},"signature_version":"v1","id":"PSF-2008-4-1cfe7cc9","deprecated":false,"signature_type":"Function","source":"https://github.com/python/cpython/commit/e7d8be80ba634fa15ece6f503c33592e0d333361","target":{"file":"Objects/unicodeobject.c","function":"_PyUnicode_New"}},{"digest":{"function_hash":"256672710536377377080589565644837540867","length":459},"signature_version":"v1","id":"PSF-2008-4-240d1bda","deprecated":false,"signature_type":"Function","source":"https://github.com/python/cpython/commit/3ce5d9207e66d61d4b0502cf47ed2d2bcdd2212f","target":{"file":"Modules/gcmodule.c","function":"_PyObject_GC_Malloc"}},{"digest":{"threshold":0.9,"line_hashes":["34571439800708846669407541504856277912","259024870395624833578067420886475952285","148424106013443641192559150790943460884","311303122365429156181339964613107815345","125927178937266146903169518574754220729","154910404345787297845903502426467748483","154929491826445230200065642193030939108","317680516403314868904401503779622780600","336042977882819599393951927289778715958","113387577714883274778403885102356359560","3079022183992197977637345252921650509","220099847368241714754346393468678645352","238948639922645936118556573682218340127","300327862615580307462662417453207997265","148424106013443641192559150790943460884"]},"signature_version":"v1","id":"PSF-2008-4-24aab8e0","deprecated":false,"signature_type":"Line","source":"https://github.com/python/cpython/commit/e7d8be80ba634fa15ece6f503c33592e0d333361","target":{"file":"Objects/stringobject.c"}},{"digest":{"threshold":0.9,"line_hashes":["140872470254770034998634220314971506577","200684295129467557610699384866895829064","309170840442201762607660658816354935963","265142578828940165706222438653844325097"]},"signature_version":"v1","id":"PSF-2008-4-253331f8","deprecated":false,"signature_type":"Line","source":"https://github.com/python/cpython/commit/e7d8be80ba634fa15ece6f503c33592e0d333361","target":{"file":"Modules/mmapmodule.c"}},{"digest":{"function_hash":"289146492685830904560514379897212249239","length":1380},"signature_version":"v1","id":"PSF-2008-4-28a98e20","deprecated":false,"signature_type":"Function","source":"https://github.com/python/cpython/commit/e7d8be80ba634fa15ece6f503c33592e0d333361","target":{"file":"Objects/unicodeobject.c","function":"PyUnicode_EncodeUTF7"}},{"digest":{"threshold":0.9,"line_hashes":["36704933337134979547259245315177317527","260063958441463328743067701972661265554","42313691757232934352060655726346557457","178886879311985995572067787482116111711"]},"signature_version":"v1","id":"PSF-2008-4-2ca6bce7","deprecated":false,"signature_type":"Line","source":"https://github.com/python/cpython/commit/e7d8be80ba634fa15ece6f503c33592e0d333361","target":{"file":"Objects/bufferobject.c"}},{"digest":{"function_hash":"325756884127608117384186363075660811578","length":1255},"signature_version":"v1","id":"PSF-2008-4-3322a8c2","deprecated":false,"signature_type":"Function","source":"https://github.com/python/cpython/commit/e7d8be80ba634fa15ece6f503c33592e0d333361","target":{"file":"Objects/stringobject.c","function":"string_concat"}},{"digest":{"function_hash":"49400254052092914917868643445107759648","length":368},"signature_version":"v1","id":"PSF-2008-4-33b2b493","deprecated":false,"signature_type":"Function","source":"https://github.com/python/cpython/commit/e7d8be80ba634fa15ece6f503c33592e0d333361","target":{"file":"Modules/mmapmodule.c","function":"mmap_read_method"}},{"digest":{"function_hash":"235566126352117054245999391338236093756","length":1849},"signature_version":"v1","id":"PSF-2008-4-365d084a","deprecated":false,"signature_type":"Function","source":"https://github.com/python/cpython/commit/3ce5d9207e66d61d4b0502cf47ed2d2bcdd2212f","target":{"file":"Objects/unicodeobject.c","function":"PyUnicode_EncodeRawUnicodeEscape"}},{"digest":{"function_hash":"246191528654270920944709993059109285947","length":1726},"signature_version":"v1","id":"PSF-2008-4-42cc6c14","deprecated":false,"signature_type":"Function","source":"https://github.com/python/cpython/commit/e7d8be80ba634fa15ece6f503c33592e0d333361","target":{"file":"Objects/unicodeobject.c","function":"PyUnicode_EncodeRawUnicodeEscape"}},{"digest":{"threshold":0.9,"line_hashes":["3077506747153906668053683114889787640","290123248936609645563214240441235820844","302840342770549152155070108387750231634","56904835954019545298637973749124908510","125927178937266146903169518574754220729","118309296766653908578720634078971517101","193911698604404129596813479116179166242"]},"signature_version":"v1","id":"PSF-2008-4-4f128844","deprecated":false,"signature_type":"Line","source":"https://github.com/python/cpython/commit/3ce5d9207e66d61d4b0502cf47ed2d2bcdd2212f","target":{"file":"Objects/bytesobject.c"}},{"digest":{"function_hash":"36959525595464747181710834466833662437","length":992},"signature_version":"v1","id":"PSF-2008-4-53396bac","deprecated":false,"signature_type":"Function","source":"https://github.com/python/cpython/commit/3ce5d9207e66d61d4b0502cf47ed2d2bcdd2212f","target":{"file":"Objects/bytesobject.c","function":"PyBytes_FromStringAndSize"}},{"digest":{"threshold":0.9,"line_hashes":["8702355647083151077177442873423762060","256358883385088833455389016186003469947","326799411103538151160876690301753971567","311275300378952926972837736156731396412","104476194792433927328270498414527017167","22045501091258655778172781451807523490","174561224173992234501798392731245714663","288763131729203460931974281812961536469"]},"signature_version":"v1","id":"PSF-2008-4-54c8c938","deprecated":false,"signature_type":"Line","source":"https://github.com/python/cpython/commit/3ce5d9207e66d61d4b0502cf47ed2d2bcdd2212f","target":{"file":"Objects/tupleobject.c"}},{"digest":{"function_hash":"256672710536377377080589565644837540867","length":459},"signature_version":"v1","id":"PSF-2008-4-5cedab0a","deprecated":false,"signature_type":"Function","source":"https://github.com/python/cpython/commit/e7d8be80ba634fa15ece6f503c33592e0d333361","target":{"file":"Modules/gcmodule.c","function":"_PyObject_GC_Malloc"}},{"digest":{"function_hash":"209565139914006867541248199962143219362","length":361},"signature_version":"v1","id":"PSF-2008-4-669db2cb","deprecated":false,"signature_type":"Function","source":"https://github.com/python/cpython/commit/3ce5d9207e66d61d4b0502cf47ed2d2bcdd2212f","target":{"file":"Modules/mmapmodule.c","function":"mmap_read_method"}},{"digest":{"threshold":0.9,"line_hashes":["220527900302322200923421432030679531924","19381451446371757904476039093354399731","3430972940979080692396105544155368722","83532022009829876180923368221540128554","7974779982293134599274861898464651077","192619689004444563098964593680492966555","155930053377756775031138095591324645383","226288483068556808893691481854331855437","251224088384524217171800120118069816135","17885447252279758729166611545693489840","334458972157283891018802626603631389987","171160276289006078461113144723424476806","190370906758550518534451405381124987640","299952063271694119327510860495132127392","107357143870577167115344338348828001711","317582605323396902856016402704465236600","213452269711602773788400814158177328466","155930053377756775031138095591324645383","67538189787779336901054138513252064805","250512325331868522514295297608540914516","182037404295073569526580727699282953137","290810285294826572005878978434835856841","171160276289006078461113144723424476806","6723383967816725783037558032323309972","133408414038528527886951929161244374548","186450850696247405206537994134941146580","158446776771142480473526622770287457114","169877787963092964766179427029102762166","246602311123159027393064195064520807650","143304502567114201690603101785389879053","27917436218769095113321000291310447451","39104079689848263607848247984743689084","978156742370094660045655795972158334","314019837191381952190291342951900759392","94305766033771104263013030067001275911","162081015904395494909894461545039168440","138164700835037776081872364682468635026","37089544546323009918878963643335835776","254461325685840740727048092880761266884","166884463807360169797347836994480359363","3056105180256140543256268558583067498","10391804593419674228819445101250513466","304912306938415429794868297804678897793","334316733669218507662572573949727515108","132083226495296419424075168411830733954","222726941369125033221767343718303489579","142675734592843492035280414457354467652","154990002122622632843757454218588083881","53612136141818408905195254678605820266","106092724874581529221751956203540806009"]},"signature_version":"v1","id":"PSF-2008-4-6e037cf6","deprecated":false,"signature_type":"Line","source":"https://github.com/python/cpython/commit/e7d8be80ba634fa15ece6f503c33592e0d333361","target":{"file":"Objects/unicodeobject.c"}},{"digest":{"function_hash":"154250400807187387716364038440040573730","length":345},"signature_version":"v1","id":"PSF-2008-4-7aa1c460","deprecated":false,"signature_type":"Function","source":"https://github.com/python/cpython/commit/3ce5d9207e66d61d4b0502cf47ed2d2bcdd2212f","target":{"file":"Modules/gcmodule.c","function":"_PyObject_GC_Resize"}},{"digest":{"function_hash":"246131104867562720227408078735749758297","length":1189},"signature_version":"v1","id":"PSF-2008-4-96220dcf","deprecated":false,"signature_type":"Function","source":"https://github.com/python/cpython/commit/e7d8be80ba634fa15ece6f503c33592e0d333361","target":{"file":"Objects/stringobject.c","function":"PyString_FromStringAndSize"}},{"digest":{"function_hash":"189428741964279592008892266324517081574","length":1025},"signature_version":"v1","id":"PSF-2008-4-97b6f6c9","deprecated":false,"signature_type":"Function","source":"https://github.com/python/cpython/commit/3ce5d9207e66d61d4b0502cf47ed2d2bcdd2212f","target":{"file":"Objects/unicodeobject.c","function":"_PyUnicode_New"}},{"digest":{"function_hash":"267709696194513394759122288571237936165","length":1226},"signature_version":"v1","id":"PSF-2008-4-9c4f7664","deprecated":false,"signature_type":"Function","source":"https://github.com/python/cpython/commit/3ce5d9207e66d61d4b0502cf47ed2d2bcdd2212f","target":{"file":"Objects/unicodeobject.c","function":"PyUnicode_EncodeUTF16"}},{"digest":{"threshold":0.9,"line_hashes":["101206311869914337128479982565463845728","33241904654929658012049761965917606014","277806776011589723087918867834735216560","31455926648392373233136290120890325971","33943461895177400525978187629104828596","33241904654929658012049761965917606014","50086059745673274029769044503134920484","34398717918596942260778568048704416126"]},"signature_version":"v1","id":"PSF-2008-4-9d538717","deprecated":false,"signature_type":"Line","source":"https://github.com/python/cpython/commit/e7d8be80ba634fa15ece6f503c33592e0d333361","target":{"file":"Modules/stropmodule.c"}},{"digest":{"threshold":0.9,"line_hashes":["140872470254770034998634220314971506577","200684295129467557610699384866895829064","309170840442201762607660658816354935963","50351819913793997017965634058529559437"]},"signature_version":"v1","id":"PSF-2008-4-9da3e7a7","deprecated":false,"signature_type":"Line","source":"https://github.com/python/cpython/commit/3ce5d9207e66d61d4b0502cf47ed2d2bcdd2212f","target":{"file":"Modules/mmapmodule.c"}},{"digest":{"function_hash":"89489952850371214776652210958018868740","length":1154},"signature_version":"v1","id":"PSF-2008-4-ad540140","deprecated":false,"signature_type":"Function","source":"https://github.com/python/cpython/commit/e7d8be80ba634fa15ece6f503c33592e0d333361","target":{"file":"Objects/stringobject.c","function":"PyString_FromString"}},{"digest":{"threshold":0.9,"line_hashes":["207522548415994758060155387619424439495","45645255352314501402757933115725166236","28647860221923700800760521220057814095","204882524176091883203765734447966216314","71588719590905421646324016836761423241","34435001285761390071505895449153860747","196434310517963728931744512477808924967","48473473581343782678392861644529295332"]},"signature_version":"v1","id":"PSF-2008-4-ad68d836","deprecated":false,"signature_type":"Line","source":"https://github.com/python/cpython/commit/e7d8be80ba634fa15ece6f503c33592e0d333361","target":{"file":"Modules/gcmodule.c"}},{"digest":{"function_hash":"5746849874090722196097208036127270287","length":1492},"signature_version":"v1","id":"PSF-2008-4-ad6d6ac7","deprecated":false,"signature_type":"Function","source":"https://github.com/python/cpython/commit/e7d8be80ba634fa15ece6f503c33592e0d333361","target":{"file":"Objects/unicodeobject.c","function":"PyUnicode_EncodeUTF32"}},{"digest":{"threshold":0.9,"line_hashes":["161247059129467610911235181370856535563","45184589686982710393044564743533493297","181187261367709662265972635350165947380"]},"signature_version":"v1","id":"PSF-2008-4-b76262d1","deprecated":false,"signature_type":"Line","source":"https://github.com/python/cpython/commit/3ce5d9207e66d61d4b0502cf47ed2d2bcdd2212f","target":{"file":"Objects/bytearrayobject.c"}},{"digest":{"function_hash":"154250400807187387716364038440040573730","length":345},"signature_version":"v1","id":"PSF-2008-4-bd6d133d","deprecated":false,"signature_type":"Function","source":"https://github.com/python/cpython/commit/e7d8be80ba634fa15ece6f503c33592e0d333361","target":{"file":"Modules/gcmodule.c","function":"_PyObject_GC_Resize"}},{"digest":{"threshold":0.9,"line_hashes":["207522548415994758060155387619424439495","45645255352314501402757933115725166236","28647860221923700800760521220057814095","204882524176091883203765734447966216314","71588719590905421646324016836761423241","34435001285761390071505895449153860747","196434310517963728931744512477808924967","48473473581343782678392861644529295332"]},"signature_version":"v1","id":"PSF-2008-4-c058b6a4","deprecated":false,"signature_type":"Line","source":"https://github.com/python/cpython/commit/3ce5d9207e66d61d4b0502cf47ed2d2bcdd2212f","target":{"file":"Modules/gcmodule.c"}},{"digest":{"function_hash":"30377626198724384113181794604652868252","length":1169},"signature_version":"v1","id":"PSF-2008-4-c1c7957c","deprecated":false,"signature_type":"Function","source":"https://github.com/python/cpython/commit/e7d8be80ba634fa15ece6f503c33592e0d333361","target":{"file":"Objects/tupleobject.c","function":"PyTuple_New"}},{"digest":{"function_hash":"328162300943643209029347819371095397090","length":1136},"signature_version":"v1","id":"PSF-2008-4-c3ece034","deprecated":false,"signature_type":"Function","source":"https://github.com/python/cpython/commit/e7d8be80ba634fa15ece6f503c33592e0d333361","target":{"file":"Objects/unicodeobject.c","function":"PyUnicode_EncodeUTF16"}},{"digest":{"threshold":0.9,"line_hashes":["220527900302322200923421432030679531924","19381451446371757904476039093354399731","3430972940979080692396105544155368722","177038800068264430496323421293823291950","281607948945410149269357125749068616149","72672438455732194007634284175218004155","32319436294822568758019812641502076171","17021572171258583470494941019389337958","335984694918435787356478881582266864853","17885447252279758729166611545693489840","334458972157283891018802626603631389987","171160276289006078461113144723424476806","200673275008364638984287071167870765682","51524137003803067937998556229359097382","98482591888358045691757044264455220768","43954134895396082116345420419057217331","224439575396894325273864158163642302073","32319436294822568758019812641502076171","215602867787779657627992472508289781502","322233695256956361091377511310882100334","182037404295073569526580727699282953137","290810285294826572005878978434835856841","171160276289006078461113144723424476806","338931649509966760995197848312287822964","131186692475986193566390569232636464367","196252888490908485067967760444419747983","249398182794988050740367579448890668969","50026045714681315410077466703465643933","330724855388644840858807674789250270155","136545490193649677294509891327167826433","218948582402849742501750499461651856796","253216058782761534561781876909594846262","94305766033771104263013030067001275911","162081015904395494909894461545039168440","138164700835037776081872364682468635026","37089544546323009918878963643335835776","254461325685840740727048092880761266884","128640052924865573363650248365630023463","75415043773599461269818922215709856393","40600018422235476276089473483480753900","90821355473005313729061698402676973131","244049449698427966295809134140220411837","262016804737068394158670278257247904051","142675734592843492035280414457354467652","154990002122622632843757454218588083881","53612136141818408905195254678605820266","106092724874581529221751956203540806009"]},"signature_version":"v1","id":"PSF-2008-4-c8927266","deprecated":false,"signature_type":"Line","source":"https://github.com/python/cpython/commit/3ce5d9207e66d61d4b0502cf47ed2d2bcdd2212f","target":{"file":"Objects/unicodeobject.c"}},{"digest":{"function_hash":"297175300056709883720639609651710215414","length":537},"signature_version":"v1","id":"PSF-2008-4-d0154619","deprecated":false,"signature_type":"Function","source":"https://github.com/python/cpython/commit/3ce5d9207e66d61d4b0502cf47ed2d2bcdd2212f","target":{"file":"Objects/unicodeobject.c","function":"pad"}},{"digest":{"function_hash":"319621910472410628754523301572435564310","length":2513},"signature_version":"v1","id":"PSF-2008-4-d59418ed","deprecated":false,"signature_type":"Function","source":"https://github.com/python/cpython/commit/e7d8be80ba634fa15ece6f503c33592e0d333361","target":{"file":"Objects/unicodeobject.c","function":"unicodeescape_string"}},{"digest":{"function_hash":"86037935329652882943290209416906999543","length":943},"signature_version":"v1","id":"PSF-2008-4-d88f8733","deprecated":false,"signature_type":"Function","source":"https://github.com/python/cpython/commit/3ce5d9207e66d61d4b0502cf47ed2d2bcdd2212f","target":{"file":"Objects/bytesobject.c","function":"PyBytes_FromString"}},{"digest":{"function_hash":"297175300056709883720639609651710215414","length":537},"signature_version":"v1","id":"PSF-2008-4-dc980880","deprecated":false,"signature_type":"Function","source":"https://github.com/python/cpython/commit/e7d8be80ba634fa15ece6f503c33592e0d333361","target":{"file":"Objects/unicodeobject.c","function":"pad"}},{"digest":{"function_hash":"210825719420881444521496306708832546794","length":713},"signature_version":"v1","id":"PSF-2008-4-e247e609","deprecated":false,"signature_type":"Function","source":"https://github.com/python/cpython/commit/3ce5d9207e66d61d4b0502cf47ed2d2bcdd2212f","target":{"file":"Objects/bytearrayobject.c","function":"PyByteArray_FromStringAndSize"}},{"digest":{"function_hash":"18690806800654208298623577225730499833","length":2168},"signature_version":"v1","id":"PSF-2008-4-e5225f47","deprecated":false,"signature_type":"Function","source":"https://github.com/python/cpython/commit/e7d8be80ba634fa15ece6f503c33592e0d333361","target":{"file":"Modules/stropmodule.c","function":"strop_joinfields"}},{"digest":{"function_hash":"30377626198724384113181794604652868252","length":1169},"signature_version":"v1","id":"PSF-2008-4-ef635653","deprecated":false,"signature_type":"Function","source":"https://github.com/python/cpython/commit/3ce5d9207e66d61d4b0502cf47ed2d2bcdd2212f","target":{"file":"Objects/tupleobject.c","function":"PyTuple_New"}}],"source":"https://github.com/psf/advisory-database/blob/main/advisories/python/PSF-2008-4.json"}}],"schema_version":"1.7.3"}