The audioop module in Python 2.7 and 3.2 does not verify the relationships between size arguments and byte string lengths, which allows context-dependent attackers to cause a denial of service (memory corruption and application crash) via crafted arguments, as demonstrated by a call to audioop.reverse() with a one-byte string, a different vulnerability than CVE-2010-1634.
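The check that the description says is missing, as an added C example; it is not CPython's audioop code. The names check_fragment and reverse_samples, the return codes, and the sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not CPython's code: accept a fragment only if its
 * byte length is a whole number of samples of a supported width. */
int check_fragment(size_t len, int size)
{
    if (size != 1 && size != 2 && size != 4)
        return -1;                  /* unsupported sample width */
    if (len % (size_t)size != 0)
        return -2;                  /* length is not a multiple of size */
    return 0;
}

/* Reverse the order of the samples in `in` (len bytes, `size` bytes per
 * sample) into `out`, which must hold len bytes. Returns 0 on success and
 * a negative code on rejected arguments; `out` is untouched on failure. */
int reverse_samples(const unsigned char *in, size_t len, int size,
                    unsigned char *out)
{
    int rc = check_fragment(len, size);
    if (rc != 0)
        return rc;

    /* Safe only because len is a multiple of size. Without the check,
     * len = 1 with size = 2 gives a destination offset of
     * len - i - size = -1 and a 2-byte read from a 1-byte buffer. */
    for (size_t i = 0; i < len; i += (size_t)size)
        memcpy(out + (len - i - (size_t)size), in + i, (size_t)size);
    return 0;
}

int main(void)
{
    /* Constructed input: a one-byte string with a 2-byte sample width. */
    unsigned char one[1] = {0x41};
    unsigned char out[1] = {0};
    printf("one byte, size 2 -> %d\n", reverse_samples(one, 1, 2, out));
    return 0;
}
```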
Dates:
Disclosure date: 2010-01-11 (Python issue bpo-7673 reported)
Python 2.6.6 (2010-08-23) fixed by commit e9123ef (branch 2.6) (2010-07-03)
Python 2.7.2 (2011-06-11) fixed by commit e9123ef (branch 2.6) (2010-07-03)
Python 3.1.3 (2010-11-27) fixed by commit 8e42fb7 (branch 3.1) (2010-07-03)
Python 3.2.0 (2011-02-20) fixed by commit bc5c54b (branch 3.2) (2010-07-03)
audioop: check that length is a multiple of the size.
Python issue: bpo-7673
Creation date: 2010-01-11
Reporter: STINNER Victor
CVE ID: CVE-2010-2089
Published: 2010-05-27
CVSS Score: 5.0
Timeline using the disclosure date 2010-01-11 as reference:
2010-01-11: Python issue bpo-7673 reported by STINNER Victor
2010-05-27 (+136 days): CVE-2010-2089 published
2010-07-03 (+173 days): commit 8e42fb7 (branch 3.1)
2010-07-03 (+173 days): commit bc5c54b (branch 3.2)
2010-07-03 (+173 days): commit e9123ef (branch 2.6)
2010-08-23 (+224 days): Python 2.6.6 released
2010-11-27 (+320 days): Python 3.1.3 released
2011-02-20: Python 3.2.0 released
2011-06-11 (+516 days): Python 2.7.2 released