Lucene search

K
ubuntucveUbuntu.comUB:CVE-2010-2089
HistoryMay 27, 2010 - 12:00 a.m.

CVE-2010-2089

2010-05-2700:00:00
ubuntu.com
ubuntu.com
13

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.023 Low

EPSS

Percentile

89.5%

The audioop module in Python 2.7 and 3.2 does not verify the relationships
between size arguments and byte string lengths, which allows
context-dependent attackers to cause a denial of service (memory corruption
and application crash) via crafted arguments, as demonstrated by a call to
audioop.reverse with a one-byte string, a different vulnerability than
CVE-2010-1634.

Bugs

Notes

Author Note
mdeslaur upstream bug report says 2.6 is affected also DoS only, setting to low
OSVersionArchitecturePackageVersionFilename
ubuntu10.04noarchpython3.1<Β 3.1.2-0ubuntu3.2UNKNOWN
ubuntu8.04noarchpython2.4<Β 2.4.5-1ubuntu4.4UNKNOWN
ubuntu8.04noarchpython2.5<Β 2.5.2-2ubuntu6.2UNKNOWN
ubuntu10.04noarchpython2.6<Β 2.6.5-1ubuntu6.1UNKNOWN

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.023 Low

EPSS

Percentile

89.5%