{"id":"PSF-2008-3","summary":"Multiple integer overflows (Apple)","details":"Python 2.5.2 and earlier allows context-dependent attackers to execute arbitrary code via multiple vectors that cause a negative size value to be provided to the PyString_FromStringAndSize function, which allocates less memory than expected when assert() is disabled and triggers a buffer overflow.","aliases":["CVE-2008-1887"],"modified":"2025-09-19T01:45:15.354605Z","published":"2008-04-18T17:00:00Z","database_specific":{"cwe_ids":[]},"references":[{"type":"ADVISORY","url":"https://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/python/cpython","events":[{"introduced":"0"},{"fixed":"3ce5d9207e66d61d4b0502cf47ed2d2bcdd2212f"},{"fixed":"e7d8be80ba634fa15ece6f503c33592e0d333361"}]}],"versions":["v0.9.8","v0.9.9","v1.0.1","v1.0.2","v1.1","v1.1.1","v1.2","v1.2b1","v1.2b2","v1.2b3","v1.2b4","v1.3","v1.3b1","v1.4","v1.4b1","v1.4b2","v1.4b3","v1.5","v1.5.1","v1.5.2","v1.5.2a1","v1.5.2a2","v1.5.2b1","v1.5.2b2","v1.5.2c1","v1.5a1","v1.5a2","v1.5a3","v1.5a4","v1.5b1","v1.5b2","v1.6a1","v1.6a2","v2.0","v2.0b1","v2.0b2","v2.0c1","v2.1","v2.1a1","v2.1a2","v2.1b1","v2.1b2","v2.1c1","v2.1c2","v2.2a3","v2.3c1","v2.3c2","v2.4","v2.4a1","v2.4a2","v2.4a3","v2.4b1","v2.4b2","v2.4c1","v3.0a1","v3.0a2","v3.0a3","v3.0a4","v3.0a5","v3.0b1","v3.0b2","v3.0b3"],"database_specific":{"source":"https://github.com/psf/advisory-database/blob/main/advisories/python/PSF-2008-3.json","vanir_signatures":[{"signature_type":"Function","id":"PSF-2008-3-023cd85b","digest":{"length":415,"function_hash":"174941883938551525293027593299939815835"},"deprecated":false,"target":{"file":"Objects/bufferobject.c","function":"buffer_repeat"},"source":"https://github.com/python/cpython/commit/e7d8be80ba634fa15ece6f503c33592e0d333361","signature_version":"v1"},{"signature_type":"Function","id":"PSF-2008-3-02d46701","digest":{"length":1424,"function_hash":"321684392884044464639541453990783282636"},"deprecated":false,"target":{"file":"Objects/unicodeobject.c","function":"PyUnicode_EncodeUTF7"},"source":"https://github.com/python/cpython/commit/3ce5d9207e66d61d4b0502cf47ed2d2bcdd2212f","signature_version":"v1"},{"signature_type":"Line","id":"PSF-2008-3-09317f31","digest":{"threshold":0.9,"line_hashes":["8702355647083151077177442873423762060","256358883385088833455389016186003469947","326799411103538151160876690301753971567","311275300378952926972837736156731396412","104476194792433927328270498414527017167","22045501091258655778172781451807523490","174561224173992234501798392731245714663","288763131729203460931974281812961536469"]},"deprecated":false,"target":{"file":"Objects/tupleobject.c"},"source":"https://github.com/python/cpython/commit/e7d8be80ba634fa15ece6f503c33592e0d333361","signature_version":"v1"},{"signature_type":"Function","id":"PSF-2008-3-10d4183a","digest":{"length":1582,"function_hash":"201998595693299500705426877827884467764"},"deprecated":false,"target":{"file":"Objects/unicodeobject.c","function":"PyUnicode_EncodeUTF32"},"source":"https://github.com/python/cpython/commit/3ce5d9207e66d61d4b0502cf47ed2d2bcdd2212f","signature_version":"v1"},{"signature_type":"Function","id":"PSF-2008-3-181ea940","digest":{"length":2365,"function_hash":"35564629393689688197038371558459767632"},"deprecated":false,"target":{"file":"Objects/unicodeobject.c","function":"PyUnicode_EncodeUnicodeEscape"},"source":"https://github.com/python/cpython/commit/3ce5d9207e66d61d4b0502cf47ed2d2bcdd2212f","signature_version":"v1"},{"signature_type":"Function","id":"PSF-2008-3-1cfe7cc9","digest":{"length":982,"function_hash":"295311698603878271357800750879630282759"},"deprecated":false,"target":{"file":"Objects/unicodeobject.c","function":"_PyUnicode_New"},"source":"https://github.com/python/cpython/commit/e7d8be80ba634fa15ece6f503c33592e0d333361","signature_version":"v1"},{"signature_type":"Function","id":"PSF-2008-3-240d1bda","digest":{"length":459,"function_hash":"256672710536377377080589565644837540867"},"deprecated":false,"target":{"file":"Modules/gcmodule.c","function":"_PyObject_GC_Malloc"},"source":"https://github.com/python/cpython/commit/3ce5d9207e66d61d4b0502cf47ed2d2bcdd2212f","signature_version":"v1"},{"signature_type":"Line","id":"PSF-2008-3-24aab8e0","digest":{"threshold":0.9,"line_hashes":["34571439800708846669407541504856277912","259024870395624833578067420886475952285","148424106013443641192559150790943460884","311303122365429156181339964613107815345","125927178937266146903169518574754220729","154910404345787297845903502426467748483","154929491826445230200065642193030939108","317680516403314868904401503779622780600","336042977882819599393951927289778715958","113387577714883274778403885102356359560","3079022183992197977637345252921650509","220099847368241714754346393468678645352","238948639922645936118556573682218340127","300327862615580307462662417453207997265","148424106013443641192559150790943460884"]},"deprecated":false,"target":{"file":"Objects/stringobject.c"},"source":"https://github.com/python/cpython/commit/e7d8be80ba634fa15ece6f503c33592e0d333361","signature_version":"v1"},{"signature_type":"Line","id":"PSF-2008-3-253331f8","digest":{"threshold":0.9,"line_hashes":["140872470254770034998634220314971506577","200684295129467557610699384866895829064","309170840442201762607660658816354935963","265142578828940165706222438653844325097"]},"deprecated":false,"target":{"file":"Modules/mmapmodule.c"},"source":"https://github.com/python/cpython/commit/e7d8be80ba634fa15ece6f503c33592e0d333361","signature_version":"v1"},{"signature_type":"Function","id":"PSF-2008-3-28a98e20","digest":{"length":1380,"function_hash":"289146492685830904560514379897212249239"},"deprecated":false,"target":{"file":"Objects/unicodeobject.c","function":"PyUnicode_EncodeUTF7"},"source":"https://github.com/python/cpython/commit/e7d8be80ba634fa15ece6f503c33592e0d333361","signature_version":"v1"},{"signature_type":"Line","id":"PSF-2008-3-2ca6bce7","digest":{"threshold":0.9,"line_hashes":["36704933337134979547259245315177317527","260063958441463328743067701972661265554","42313691757232934352060655726346557457","178886879311985995572067787482116111711"]},"deprecated":false,"target":{"file":"Objects/bufferobject.c"},"source":"https://github.com/python/cpython/commit/e7d8be80ba634fa15ece6f503c33592e0d333361","signature_version":"v1"},{"signature_type":"Function","id":"PSF-2008-3-3322a8c2","digest":{"length":1255,"function_hash":"325756884127608117384186363075660811578"},"deprecated":false,"target":{"file":"Objects/stringobject.c","function":"string_concat"},"source":"https://github.com/python/cpython/commit/e7d8be80ba634fa15ece6f503c33592e0d333361","signature_version":"v1"},{"signature_type":"Function","id":"PSF-2008-3-33b2b493","digest":{"length":368,"function_hash":"49400254052092914917868643445107759648"},"deprecated":false,"target":{"file":"Modules/mmapmodule.c","function":"mmap_read_method"},"source":"https://github.com/python/cpython/commit/e7d8be80ba634fa15ece6f503c33592e0d333361","signature_version":"v1"},{"signature_type":"Function","id":"PSF-2008-3-365d084a","digest":{"length":1849,"function_hash":"235566126352117054245999391338236093756"},"deprecated":false,"target":{"file":"Objects/unicodeobject.c","function":"PyUnicode_EncodeRawUnicodeEscape"},"source":"https://github.com/python/cpython/commit/3ce5d9207e66d61d4b0502cf47ed2d2bcdd2212f","signature_version":"v1"},{"signature_type":"Function","id":"PSF-2008-3-42cc6c14","digest":{"length":1726,"function_hash":"246191528654270920944709993059109285947"},"deprecated":false,"target":{"file":"Objects/unicodeobject.c","function":"PyUnicode_EncodeRawUnicodeEscape"},"source":"https://github.com/python/cpython/commit/e7d8be80ba634fa15ece6f503c33592e0d333361","signature_version":"v1"},{"signature_type":"Line","id":"PSF-2008-3-4f128844","digest":{"threshold":0.9,"line_hashes":["3077506747153906668053683114889787640","290123248936609645563214240441235820844","302840342770549152155070108387750231634","56904835954019545298637973749124908510","125927178937266146903169518574754220729","118309296766653908578720634078971517101","193911698604404129596813479116179166242"]},"deprecated":false,"target":{"file":"Objects/bytesobject.c"},"source":"https://github.com/python/cpython/commit/3ce5d9207e66d61d4b0502cf47ed2d2bcdd2212f","signature_version":"v1"},{"signature_type":"Function","id":"PSF-2008-3-53396bac","digest":{"length":992,"function_hash":"36959525595464747181710834466833662437"},"deprecated":false,"target":{"file":"Objects/bytesobject.c","function":"PyBytes_FromStringAndSize"},"source":"https://github.com/python/cpython/commit/3ce5d9207e66d61d4b0502cf47ed2d2bcdd2212f","signature_version":"v1"},{"signature_type":"Line","id":"PSF-2008-3-54c8c938","digest":{"threshold":0.9,"line_hashes":["8702355647083151077177442873423762060","256358883385088833455389016186003469947","326799411103538151160876690301753971567","311275300378952926972837736156731396412","104476194792433927328270498414527017167","22045501091258655778172781451807523490","174561224173992234501798392731245714663","288763131729203460931974281812961536469"]},"deprecated":false,"target":{"file":"Objects/tupleobject.c"},"source":"https://github.com/python/cpython/commit/3ce5d9207e66d61d4b0502cf47ed2d2bcdd2212f","signature_version":"v1"},{"signature_type":"Function","id":"PSF-2008-3-5cedab0a","digest":{"length":459,"function_hash":"256672710536377377080589565644837540867"},"deprecated":false,"target":{"file":"Modules/gcmodule.c","function":"_PyObject_GC_Malloc"},"source":"https://github.com/python/cpython/commit/e7d8be80ba634fa15ece6f503c33592e0d333361","signature_version":"v1"},{"signature_type":"Function","id":"PSF-2008-3-669db2cb","digest":{"length":361,"function_hash":"209565139914006867541248199962143219362"},"deprecated":false,"target":{"file":"Modules/mmapmodule.c","function":"mmap_read_method"},"source":"https://github.com/python/cpython/commit/3ce5d9207e66d61d4b0502cf47ed2d2bcdd2212f","signature_version":"v1"},{"signature_type":"Line","id":"PSF-2008-3-6e037cf6","digest":{"threshold":0.9,"line_hashes":["220527900302322200923421432030679531924","19381451446371757904476039093354399731","3430972940979080692396105544155368722","83532022009829876180923368221540128554","7974779982293134599274861898464651077","192619689004444563098964593680492966555","155930053377756775031138095591324645383","226288483068556808893691481854331855437","251224088384524217171800120118069816135","17885447252279758729166611545693489840","334458972157283891018802626603631389987","171160276289006078461113144723424476806","190370906758550518534451405381124987640","299952063271694119327510860495132127392","107357143870577167115344338348828001711","317582605323396902856016402704465236600","213452269711602773788400814158177328466","155930053377756775031138095591324645383","67538189787779336901054138513252064805","250512325331868522514295297608540914516","182037404295073569526580727699282953137","290810285294826572005878978434835856841","171160276289006078461113144723424476806","6723383967816725783037558032323309972","133408414038528527886951929161244374548","186450850696247405206537994134941146580","158446776771142480473526622770287457114","169877787963092964766179427029102762166","246602311123159027393064195064520807650","143304502567114201690603101785389879053","27917436218769095113321000291310447451","39104079689848263607848247984743689084","978156742370094660045655795972158334","314019837191381952190291342951900759392","94305766033771104263013030067001275911","162081015904395494909894461545039168440","138164700835037776081872364682468635026","37089544546323009918878963643335835776","254461325685840740727048092880761266884","166884463807360169797347836994480359363","3056105180256140543256268558583067498","10391804593419674228819445101250513466","304912306938415429794868297804678897793","334316733669218507662572573949727515108","132083226495296419424075168411830733954","222726941369125033221767343718303489579","142675734592843492035280414457354467652","154990002122622632843757454218588083881","53612136141818408905195254678605820266","106092724874581529221751956203540806009"]},"deprecated":false,"target":{"file":"Objects/unicodeobject.c"},"source":"https://github.com/python/cpython/commit/e7d8be80ba634fa15ece6f503c33592e0d333361","signature_version":"v1"},{"signature_type":"Function","id":"PSF-2008-3-7aa1c460","digest":{"length":345,"function_hash":"154250400807187387716364038440040573730"},"deprecated":false,"target":{"file":"Modules/gcmodule.c","function":"_PyObject_GC_Resize"},"source":"https://github.com/python/cpython/commit/3ce5d9207e66d61d4b0502cf47ed2d2bcdd2212f","signature_version":"v1"},{"signature_type":"Function","id":"PSF-2008-3-96220dcf","digest":{"length":1189,"function_hash":"246131104867562720227408078735749758297"},"deprecated":false,"target":{"file":"Objects/stringobject.c","function":"PyString_FromStringAndSize"},"source":"https://github.com/python/cpython/commit/e7d8be80ba634fa15ece6f503c33592e0d333361","signature_version":"v1"},{"signature_type":"Function","id":"PSF-2008-3-97b6f6c9","digest":{"length":1025,"function_hash":"189428741964279592008892266324517081574"},"deprecated":false,"target":{"file":"Objects/unicodeobject.c","function":"_PyUnicode_New"},"source":"https://github.com/python/cpython/commit/3ce5d9207e66d61d4b0502cf47ed2d2bcdd2212f","signature_version":"v1"},{"signature_type":"Function","id":"PSF-2008-3-9c4f7664","digest":{"length":1226,"function_hash":"267709696194513394759122288571237936165"},"deprecated":false,"target":{"file":"Objects/unicodeobject.c","function":"PyUnicode_EncodeUTF16"},"source":"https://github.com/python/cpython/commit/3ce5d9207e66d61d4b0502cf47ed2d2bcdd2212f","signature_version":"v1"},{"signature_type":"Line","id":"PSF-2008-3-9d538717","digest":{"threshold":0.9,"line_hashes":["101206311869914337128479982565463845728","33241904654929658012049761965917606014","277806776011589723087918867834735216560","31455926648392373233136290120890325971","33943461895177400525978187629104828596","33241904654929658012049761965917606014","50086059745673274029769044503134920484","34398717918596942260778568048704416126"]},"deprecated":false,"target":{"file":"Modules/stropmodule.c"},"source":"https://github.com/python/cpython/commit/e7d8be80ba634fa15ece6f503c33592e0d333361","signature_version":"v1"},{"signature_type":"Line","id":"PSF-2008-3-9da3e7a7","digest":{"threshold":0.9,"line_hashes":["140872470254770034998634220314971506577","200684295129467557610699384866895829064","309170840442201762607660658816354935963","50351819913793997017965634058529559437"]},"deprecated":false,"target":{"file":"Modules/mmapmodule.c"},"source":"https://github.com/python/cpython/commit/3ce5d9207e66d61d4b0502cf47ed2d2bcdd2212f","signature_version":"v1"},{"signature_type":"Function","id":"PSF-2008-3-ad540140","digest":{"length":1154,"function_hash":"89489952850371214776652210958018868740"},"deprecated":false,"target":{"file":"Objects/stringobject.c","function":"PyString_FromString"},"source":"https://github.com/python/cpython/commit/e7d8be80ba634fa15ece6f503c33592e0d333361","signature_version":"v1"},{"signature_type":"Line","id":"PSF-2008-3-ad68d836","digest":{"threshold":0.9,"line_hashes":["207522548415994758060155387619424439495","45645255352314501402757933115725166236","28647860221923700800760521220057814095","204882524176091883203765734447966216314","71588719590905421646324016836761423241","34435001285761390071505895449153860747","196434310517963728931744512477808924967","48473473581343782678392861644529295332"]},"deprecated":false,"target":{"file":"Modules/gcmodule.c"},"source":"https://github.com/python/cpython/commit/e7d8be80ba634fa15ece6f503c33592e0d333361","signature_version":"v1"},{"signature_type":"Function","id":"PSF-2008-3-ad6d6ac7","digest":{"length":1492,"function_hash":"5746849874090722196097208036127270287"},"deprecated":false,"target":{"file":"Objects/unicodeobject.c","function":"PyUnicode_EncodeUTF32"},"source":"https://github.com/python/cpython/commit/e7d8be80ba634fa15ece6f503c33592e0d333361","signature_version":"v1"},{"signature_type":"Line","id":"PSF-2008-3-b76262d1","digest":{"threshold":0.9,"line_hashes":["161247059129467610911235181370856535563","45184589686982710393044564743533493297","181187261367709662265972635350165947380"]},"deprecated":false,"target":{"file":"Objects/bytearrayobject.c"},"source":"https://github.com/python/cpython/commit/3ce5d9207e66d61d4b0502cf47ed2d2bcdd2212f","signature_version":"v1"},{"signature_type":"Function","id":"PSF-2008-3-bd6d133d","digest":{"length":345,"function_hash":"154250400807187387716364038440040573730"},"deprecated":false,"target":{"file":"Modules/gcmodule.c","function":"_PyObject_GC_Resize"},"source":"https://github.com/python/cpython/commit/e7d8be80ba634fa15ece6f503c33592e0d333361","signature_version":"v1"},{"signature_type":"Line","id":"PSF-2008-3-c058b6a4","digest":{"threshold":0.9,"line_hashes":["207522548415994758060155387619424439495","45645255352314501402757933115725166236","28647860221923700800760521220057814095","204882524176091883203765734447966216314","71588719590905421646324016836761423241","34435001285761390071505895449153860747","196434310517963728931744512477808924967","48473473581343782678392861644529295332"]},"deprecated":false,"target":{"file":"Modules/gcmodule.c"},"source":"https://github.com/python/cpython/commit/3ce5d9207e66d61d4b0502cf47ed2d2bcdd2212f","signature_version":"v1"},{"signature_type":"Function","id":"PSF-2008-3-c1c7957c","digest":{"length":1169,"function_hash":"30377626198724384113181794604652868252"},"deprecated":false,"target":{"file":"Objects/tupleobject.c","function":"PyTuple_New"},"source":"https://github.com/python/cpython/commit/e7d8be80ba634fa15ece6f503c33592e0d333361","signature_version":"v1"},{"signature_type":"Function","id":"PSF-2008-3-c3ece034","digest":{"length":1136,"function_hash":"328162300943643209029347819371095397090"},"deprecated":false,"target":{"file":"Objects/unicodeobject.c","function":"PyUnicode_EncodeUTF16"},"source":"https://github.com/python/cpython/commit/e7d8be80ba634fa15ece6f503c33592e0d333361","signature_version":"v1"},{"signature_type":"Line","id":"PSF-2008-3-c8927266","digest":{"threshold":0.9,"line_hashes":["220527900302322200923421432030679531924","19381451446371757904476039093354399731","3430972940979080692396105544155368722","177038800068264430496323421293823291950","281607948945410149269357125749068616149","72672438455732194007634284175218004155","32319436294822568758019812641502076171","17021572171258583470494941019389337958","335984694918435787356478881582266864853","17885447252279758729166611545693489840","334458972157283891018802626603631389987","171160276289006078461113144723424476806","200673275008364638984287071167870765682","51524137003803067937998556229359097382","98482591888358045691757044264455220768","43954134895396082116345420419057217331","224439575396894325273864158163642302073","32319436294822568758019812641502076171","215602867787779657627992472508289781502","322233695256956361091377511310882100334","182037404295073569526580727699282953137","290810285294826572005878978434835856841","171160276289006078461113144723424476806","338931649509966760995197848312287822964","131186692475986193566390569232636464367","196252888490908485067967760444419747983","249398182794988050740367579448890668969","50026045714681315410077466703465643933","330724855388644840858807674789250270155","136545490193649677294509891327167826433","218948582402849742501750499461651856796","253216058782761534561781876909594846262","94305766033771104263013030067001275911","162081015904395494909894461545039168440","138164700835037776081872364682468635026","37089544546323009918878963643335835776","254461325685840740727048092880761266884","128640052924865573363650248365630023463","75415043773599461269818922215709856393","40600018422235476276089473483480753900","90821355473005313729061698402676973131","244049449698427966295809134140220411837","262016804737068394158670278257247904051","142675734592843492035280414457354467652","154990002122622632843757454218588083881","53612136141818408905195254678605820266","106092724874581529221751956203540806009"]},"deprecated":false,"target":{"file":"Objects/unicodeobject.c"},"source":"https://github.com/python/cpython/commit/3ce5d9207e66d61d4b0502cf47ed2d2bcdd2212f","signature_version":"v1"},{"signature_type":"Function","id":"PSF-2008-3-d0154619","digest":{"length":537,"function_hash":"297175300056709883720639609651710215414"},"deprecated":false,"target":{"file":"Objects/unicodeobject.c","function":"pad"},"source":"https://github.com/python/cpython/commit/3ce5d9207e66d61d4b0502cf47ed2d2bcdd2212f","signature_version":"v1"},{"signature_type":"Function","id":"PSF-2008-3-d59418ed","digest":{"length":2513,"function_hash":"319621910472410628754523301572435564310"},"deprecated":false,"target":{"file":"Objects/unicodeobject.c","function":"unicodeescape_string"},"source":"https://github.com/python/cpython/commit/e7d8be80ba634fa15ece6f503c33592e0d333361","signature_version":"v1"},{"signature_type":"Function","id":"PSF-2008-3-d88f8733","digest":{"length":943,"function_hash":"86037935329652882943290209416906999543"},"deprecated":false,"target":{"file":"Objects/bytesobject.c","function":"PyBytes_FromString"},"source":"https://github.com/python/cpython/commit/3ce5d9207e66d61d4b0502cf47ed2d2bcdd2212f","signature_version":"v1"},{"signature_type":"Function","id":"PSF-2008-3-dc980880","digest":{"length":537,"function_hash":"297175300056709883720639609651710215414"},"deprecated":false,"target":{"file":"Objects/unicodeobject.c","function":"pad"},"source":"https://github.com/python/cpython/commit/e7d8be80ba634fa15ece6f503c33592e0d333361","signature_version":"v1"},{"signature_type":"Function","id":"PSF-2008-3-e247e609","digest":{"length":713,"function_hash":"210825719420881444521496306708832546794"},"deprecated":false,"target":{"file":"Objects/bytearrayobject.c","function":"PyByteArray_FromStringAndSize"},"source":"https://github.com/python/cpython/commit/3ce5d9207e66d61d4b0502cf47ed2d2bcdd2212f","signature_version":"v1"},{"signature_type":"Function","id":"PSF-2008-3-e5225f47","digest":{"length":2168,"function_hash":"18690806800654208298623577225730499833"},"deprecated":false,"target":{"file":"Modules/stropmodule.c","function":"strop_joinfields"},"source":"https://github.com/python/cpython/commit/e7d8be80ba634fa15ece6f503c33592e0d333361","signature_version":"v1"},{"signature_type":"Function","id":"PSF-2008-3-ef635653","digest":{"length":1169,"function_hash":"30377626198724384113181794604652868252"},"deprecated":false,"target":{"file":"Objects/tupleobject.c","function":"PyTuple_New"},"source":"https://github.com/python/cpython/commit/3ce5d9207e66d61d4b0502cf47ed2d2bcdd2212f","signature_version":"v1"}]}}],"schema_version":"1.7.3"}