Lucene search

K
cve[email protected]CVE-2010-2089
HistoryMay 27, 2010 - 7:30 p.m.

CVE-2010-2089

2010-05-2719:30:01
CWE-787
web.nvd.nist.gov
51
2
cve-2010-2089
python
audioop
module
denial of service
memory corruption
application crash

6.4 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.023 Low

EPSS

Percentile

89.8%

The audioop module in Python 2.7 and 3.2 does not verify the relationships between size arguments and byte string lengths, which allows context-dependent attackers to cause a denial of service (memory corruption and application crash) via crafted arguments, as demonstrated by a call to audioop.reverse with a one-byte string, a different vulnerability than CVE-2010-1634.

Affected configurations

NVD
Node
pythonpythonRange2.5.02.5.6
OR
pythonpythonRange2.6.02.6.6
OR
pythonpythonRange3.1.03.1.3

References

Social References

More

6.4 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.023 Low

EPSS

Percentile

89.8%