Is CVE-2008-3143 being actively exploited?

It is not currently in CISA's KEV catalog. Its EPSS exploitation probability is 4%.

What products does CVE-2008-3143 affect?

Tracked products affected include Python. Check the version you run to see whether it is affected.

How do I fix CVE-2008-3143?

Apply the vendor fix promptly. Upgrade affected products to a fixed version.

CVE-2008-3143

Q: What is CVE-2008-3143?

CVE-2008-3143 is a high-severity software vulnerability (Integer overflow) with a CVSS score of 7.5. Multiple integer overflows in Python before 2.5.2 might allow context-dependent attackers to have an unknown impact via vectors related to (1) Include/pymem.h; (2) _csv.c, (3) _struct.c, (4) arraymodule.c, (5) audioop.c, (6) binascii.c, (7)

HIGH severity · CVSS 7.5 · Integer overflow

7.5CVSS HIGH

Summary

Multiple integer overflows in Python before 2.5.2 might allow context-dependent attackers to have an unknown impact via vectors related to (1) Include/pymem.h; (2) _csv.c, (3) _struct.c, (4) arraymodule.c, (5) audioop.c, (6) binascii.c, (7) cPickle.c, (8) cStringIO.c, (9) cjkcodecs/multibytecodec.c, (10) datetimemodule.c, (11) md5.c, (12) rgbimgmodule.c, and (13) stropmodule.c in Modules/; (14) bufferobject.c, (15) listobject.c, and (16) obmalloc.c in Objects/; (17) Parser/node.c; and (18) asdl.c, (19) ast.c, (20) bltinmodule.c, and (21) compile.c in Python/, as addressed by "checks for integer overflows, contributed by Google."

Impact & exploitability

Attack vectorNetwork

Attack complexityLow

Privileges required—

User interaction—

Confidentiality impact—

Integrity impact—

Availability impact—

Exploit probability (EPSS)4%

AV:N/AC:L/Au:N/C:P/I:P/A:P

Affected products we track (1)

Python

Recommendation

Apply the vendor fix promptly. Open any affected product above for its exact safe version.

CVE-2008-3143

Summary

Impact & exploitability

Affected products we track (1)

Recommendation

Additional information