CVE-2010-2089 (retired)

Priority
Description
The audioop module in Python 2.7 and 3.2 does not verify the relationships
between size arguments and byte string lengths, which allows
context-dependent attackers to cause a denial of service (memory corruption
and application crash) via crafted arguments, as demonstrated by a call to
audioop.reverse with a one-byte string, a different vulnerability than
CVE-2010-1634.
Notes
 mdeslaur> upstream bug report says 2.6 is affected also
 mdeslaur> DoS only, setting to low
Assigned-to
jdstrand
Package
Upstream:needed
Package
Upstream:needed
Package
Upstream:released (2.6.5+20100706-1)
Patches:
Upstream:http://svn.python.org/view?view=rev&revision=82494
Upstream:http://hg.python.org/cpython/rev/29116b2fcffe
Package
Upstream:released (2.7-1)
Package
Upstream:released (3.2)
More Information

Updated: 2019-03-26 11:51:52 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)