CVE-2010-2089

Priority
Description
The audioop module in Python 2.7 and 3.2 does not verify the relationships
between size arguments and byte string lengths, which allows
context-dependent attackers to cause a denial of service (memory corruption
and application crash) via crafted arguments, as demonstrated by a call to
audioop.reverse with a one-byte string, a different vulnerability than
CVE-2010-1634.
Assigned-to
jdstrand
Notes
mdeslaurupstream bug report says 2.6 is affected also
DoS only, setting to low
Package
Upstream:needed
Package
Upstream:needed
Package
Upstream:released (2.6.5+20100706-1)
Patches:
Upstream:http://svn.python.org/view?view=rev&revision=82494
Upstream:http://hg.python.org/cpython/rev/29116b2fcffe
Package
Upstream:released (2.7-1)
Package
Upstream:released (3.2)
More Information

Updated: 2019-12-05 20:55:07 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)