logo
DATABASE RESOURCES PRICING ABOUT US

CVE-2010-2089

Description

The audioop module in Python 2.7 and 3.2 does not verify the relationships between size arguments and byte string lengths, which allows context-dependent attackers to cause a denial of service (memory corruption and application crash) via crafted arguments, as demonstrated by a call to audioop.reverse with a one-byte string, a different vulnerability than CVE-2010-1634. #### Bugs * <http://bugs.python.org/issue7673> #### Notes Author| Note ---|--- [mdeslaur](<https://launchpad.net/~mdeslaur>) | upstream bug report says 2.6 is affected also DoS only, setting to low


Affected Package


OS OS Version Package Name Package Version
ubuntu 08.04 python2.4 2.4.5-1ubuntu4.4
ubuntu upstream python2.4 any
ubuntu 08.04 python2.5 2.5.2-2ubuntu6.2
ubuntu upstream python2.5 any
ubuntu 10.04 python2.6 2.6.5-1ubuntu6.1
ubuntu upstream python2.6 2.6.5+20100706-1
ubuntu upstream python2.7 2.7-1
ubuntu 10.04 python3.1 3.1.2-0ubuntu3.2
ubuntu upstream python3.1 3.1.3-1
ubuntu upstream python3.2 3.2

Related