{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/88728?format=json","vulnerability_id":"VCID-q7b1-n4tc-dffa","summary":"python off-by-one locale.strxfrm() (possible memory disclosure)","aliases":[{"alias":"CVE-2007-2052"}],"fixed_packages":[],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129592?format=json","purl":"pkg:rpm/redhat/python@1.5.2-43.72?arch=2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-aunn-rnwm-1fhe"},{"vulnerability":"VCID-q7b1-n4tc-dffa"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python@1.5.2-43.72%3Farch=2"},{"url":"http://public2.vulnerablecode.io/api/packages/129593?format=json","purl":"pkg:rpm/redhat/python@2.2.3-6?arch=8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-aunn-rnwm-1fhe"},{"vulnerability":"VCID-k8aa-5wqq-73h3"},{"vulnerability":"VCID-q7b1-n4tc-dffa"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python@2.2.3-6%3Farch=8"},{"url":"http://public2.vulnerablecode.io/api/packages/129591?format=json","purl":"pkg:rpm/redhat/python@2.3.4-14.4.el4_6?arch=1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-aunn-rnwm-1fhe"},{"vulnerability":"VCID-k8aa-5wqq-73h3"},{"vulnerability":"VCID-q7b1-n4tc-dffa"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python@2.3.4-14.4.el4_6%3Farch=1"},{"url":"http://public2.vulnerablecode.io/api/packages/128814?format=json","purl":"pkg:rpm/redhat/python@2.4.3-24.el5_3?arch=6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-24m5-6chr-y7a8"},{"vulnerability":"VCID-38yx-1h5j-4kb1"},{"vulnerability":"VCID-b3m1-mjke-n3br"},{"vulnerability":"VCID-bas7-hr7c-r7b3"},{"vulnerability":"VCID-fpye-8fe9-m7du"},{"vulnerability":"VCID-g65j-xhje-hkd4"},{"vulnerability":"VCID-k8aa-5wqq-73h3"},{"vulnerability":"VCID-q7b1-n4tc-dffa"},{"vulnerability":"VCID-qh23-73q6-pubf"},{"vulnerability":"VCID-wznk-5ze9-kucq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python@2.4.3-24.el5_3%3Farch=6"}],"references":[{"reference_url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=416934","reference_id":"","reference_type":"","scores":[],"url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=416934"},{"reference_url":"http://lists.vmware.com/pipermail/security-announce/2008/000005.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.vmware.com/pipermail/security-announce/2008/000005.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-2052.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-2052.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-2052","reference_id":"","reference_type":"","scores":[{"value":"0.13743","scoring_system":"epss","scoring_elements":"0.94309","published_at":"2026-05-07T12:55:00Z"},{"value":"0.13743","scoring_system":"epss","scoring_elements":"0.94231","published_at":"2026-04-01T12:55:00Z"},{"value":"0.13743","scoring_system":"epss","scoring_elements":"0.9424","published_at":"2026-04-02T12:55:00Z"},{"value":"0.13743","scoring_system":"epss","scoring_elements":"0.94252","published_at":"2026-04-04T12:55:00Z"},{"value":"0.13743","scoring_system":"epss","scoring_elements":"0.94253","published_at":"2026-04-07T12:55:00Z"},{"value":"0.13743","scoring_system":"epss","scoring_elements":"0.94263","published_at":"2026-04-08T12:55:00Z"},{"value":"0.13743","scoring_system":"epss","scoring_elements":"0.94267","published_at":"2026-04-09T12:55:00Z"},{"value":"0.13743","scoring_system":"epss","scoring_elements":"0.94271","published_at":"2026-04-12T12:55:00Z"},{"value":"0.13743","scoring_system":"epss","scoring_elements":"0.94272","published_at":"2026-04-13T12:55:00Z"},{"value":"0.13743","scoring_system":"epss","scoring_elements":"0.94287","published_at":"2026-04-16T12:55:00Z"},{"value":"0.13743","scoring_system":"epss","scoring_elements":"0.94292","published_at":"2026-04-21T12:55:00Z"},{"value":"0.13743","scoring_system":"epss","scoring_elements":"0.94295","published_at":"2026-04-26T12:55:00Z"},{"value":"0.13743","scoring_system":"epss","scoring_elements":"0.94294","published_at":"2026-04-29T12:55:00Z"},{"value":"0.13743","scoring_system":"epss","scoring_elements":"0.94299","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-2052"},{"reference_url":"https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235093","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235093"},{"reference_url":"http://secunia.com/advisories/25190","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/25190"},{"reference_url":"http://secunia.com/advisories/25217","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/25217"},{"reference_url":"http://secunia.com/advisories/25233","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/25233"},{"reference_url":"http://secunia.com/advisories/25353","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/25353"},{"reference_url":"http://secunia.com/advisories/25787","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/25787"},{"reference_url":"http://secunia.com/advisories/28027","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/28027"},{"reference_url":"http://secunia.com/advisories/28050","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/28050"},{"reference_url":"http://secunia.com/advisories/29032","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/29032"},{"reference_url":"http://secunia.com/advisories/29303","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/29303"},{"reference_url":"http://secunia.com/advisories/29889","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/29889"},{"reference_url":"http://secunia.com/advisories/31255","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/31255"},{"reference_url":"http://secunia.com/advisories/31492","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/31492"},{"reference_url":"http://secunia.com/advisories/37471","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/37471"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/34060","reference_id":"","reference_type":"","scores":[],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/34060"},{"reference_url":"https://issues.rpath.com/browse/RPL-1358","reference_id":"","reference_type":"","scores":[],"url":"https://issues.rpath.com/browse/RPL-1358"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11716","reference_id":"","reference_type":"","scores":[],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11716"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8353","reference_id":"","reference_type":"","scores":[],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8353"},{"reference_url":"http://www.debian.org/security/2008/dsa-1551","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2008/dsa-1551"},{"reference_url":"http://www.debian.org/security/2008/dsa-1620","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2008/dsa-1620"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDKSA-2007:099","reference_id":"","reference_type":"","scores":[],"url":"http://www.mandriva.com/security/advisories?name=MDKSA-2007:099"},{"reference_url":"http://www.novell.com/linux/security/advisories/2007_13_sr.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.novell.com/linux/security/advisories/2007_13_sr.html"},{"reference_url":"http://www.python.org/download/releases/2.5.1/NEWS.txt","reference_id":"","reference_type":"","scores":[],"url":"http://www.python.org/download/releases/2.5.1/NEWS.txt"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2007-1076.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.redhat.com/support/errata/RHSA-2007-1076.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2007-1077.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.redhat.com/support/errata/RHSA-2007-1077.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2008-0629.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.redhat.com/support/errata/RHSA-2008-0629.html"},{"reference_url":"http://www.securityfocus.com/archive/1/469294/30/6450/threaded","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/archive/1/469294/30/6450/threaded"},{"reference_url":"http://www.securityfocus.com/archive/1/488457/100/0/threaded","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/archive/1/488457/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/archive/1/507985/100/0/threaded","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/archive/1/507985/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/bid/23887","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/23887"},{"reference_url":"http://www.trustix.org/errata/2007/0019/","reference_id":"","reference_type":"","scores":[],"url":"http://www.trustix.org/errata/2007/0019/"},{"reference_url":"http://www.ubuntu.com/usn/usn-585-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/usn-585-1"},{"reference_url":"http://www.vmware.com/security/advisories/VMSA-2009-0016.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.vmware.com/security/advisories/VMSA-2009-0016.html"},{"reference_url":"http://www.vupen.com/english/advisories/2007/1465","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2007/1465"},{"reference_url":"http://www.vupen.com/english/advisories/2008/0637","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2008/0637"},{"reference_url":"http://www.vupen.com/english/advisories/2009/3316","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2009/3316"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=235093","reference_id":"235093","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=235093"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:2.4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:python:python:2.4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:2.4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:2.5.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:python:python:2.5.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:2.5.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2007-2052","reference_id":"CVE-2007-2052","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2007-2052"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/30018.py","reference_id":"CVE-2007-2052;OSVDB-35247","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/30018.py"},{"reference_url":"https://www.securityfocus.com/bid/23887/info","reference_id":"CVE-2007-2052;OSVDB-35247","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/23887/info"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:1076","reference_id":"RHSA-2007:1076","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:1076"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:1077","reference_id":"RHSA-2007:1077","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:1077"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0264","reference_id":"RHSA-2008:0264","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0264"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0525","reference_id":"RHSA-2008:0525","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0525"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0629","reference_id":"RHSA-2008:0629","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0629"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1176","reference_id":"RHSA-2009:1176","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1176"},{"reference_url":"https://usn.ubuntu.com/585-1/","reference_id":"USN-585-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/585-1/"}],"weaknesses":[{"cwe_id":193,"name":"Off-by-one Error","description":"A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value."}],"exploits":[{"date_added":"2007-05-08","description":"Python 2.5 - 'PyLocale_strxfrm' Remote Information Leak","required_action":null,"due_date":null,"notes":null,"known_ransomware_campaign_use":true,"source_date_published":"2007-05-08","exploit_type":"remote","platform":"linux","source_date_updated":"2013-12-04","data_source":"Exploit-DB","source_url":"https://www.securityfocus.com/bid/23887/info"}],"severity_range_score":"5.0 - 5.0","exploitability":"2.0","weighted_severity":"4.5","risk_score":9.0,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q7b1-n4tc-dffa"}