CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
93.9%
Python is an interpreted, interactive, object-oriented, cross-platform programming language.
If IPV6 is disabled in Python 2.2, getaddrinfo() is not able to handle IPV6 DNS requests properly and a buffer overflow occurs.
An attacker can execute arbitrary code as the user running python.
Users with IPV6 enabled are not affected by this vulnerability.
All Python 2.2 users should upgrade to the latest version:
# emerge sync
# emerge -pv ">=dev-lang/python-2.2.2"
# emerge ">=dev-lang/python-2.2.2"
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Gentoo | any | all | dev-lang/python | < 2.2.2 | UNKNOWN |