CVE-2010-2089

Priority
Description
The audioop module in Python 2.7 and 3.2 does not verify the relationships
between size arguments and byte string lengths, which allows
context-dependent attackers to cause a denial of service (memory corruption
and application crash) via crafted arguments, as demonstrated by a call to
audioop.reverse with a one-byte string, a different vulnerability than
CVE-2010-1634.
Notes
 mdeslaur> upstream bug report says 2.6 is affected also
 mdeslaur> DoS only, setting to low
Assigned-to
jdstrand
Package
Upstream:needed
Package
Upstream:needed
Package
Upstream:released (2.6.5+20100706-1)
Patches:
Upstream:http://svn.python.org/view?view=rev&revision=82494
Upstream:http://hg.python.org/cpython/rev/29116b2fcffe
Package
Upstream:released (2.7-1)
Package
Upstream:released (3.2)
More Information

Updated: 2019-01-14 21:52:48 UTC (commit 51f9b73af244ba86b9321e46e526586c25a8e060)