Lucene search

K
ubuntucveUbuntu.comUB:CVE-2010-2089
HistoryMay 27, 2010 - 12:00 a.m.

CVE-2010-2089

2010-05-2700:00:00
ubuntu.com
ubuntu.com
20

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.023 Low

EPSS

Percentile

89.8%

The audioop module in Python 2.7 and 3.2 does not verify the relationships
between size arguments and byte string lengths, which allows
context-dependent attackers to cause a denial of service (memory corruption
and application crash) via crafted arguments, as demonstrated by a call to
audioop.reverse with a one-byte string, a different vulnerability than
CVE-2010-1634.

Bugs

Notes

Author Note
mdeslaur upstream bug report says 2.6 is affected also DoS only, setting to low
OSVersionArchitecturePackageVersionFilename
ubuntu8.04noarchpython2.4< 2.4.5-1ubuntu4.4UNKNOWN
ubuntu8.04noarchpython2.5< 2.5.2-2ubuntu6.2UNKNOWN
ubuntu10.04noarchpython2.6< 2.6.5-1ubuntu6.1UNKNOWN
ubuntu10.04noarchpython3.1< 3.1.2-0ubuntu3.2UNKNOWN

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.023 Low

EPSS

Percentile

89.8%