Multiple integer overflows in audioop.c in the audioop module in Python 2.6, 2.7, 3.1, and 3.2 allow context-dependent attackers to cause a denial of service (application crash) via a large fragment, as demonstrated by a call to audioop.lin2lin with a long string in the first argument, leading to a buffer overflow.
NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-3143.
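The bug class described above, as an added example (not CPython's audioop.c code and not taken from the bug report): an output-length computation for a sample-width conversion with the overflow test placed before the multiplication, next to the wrapped value that a test made after the multiplication would see. The function names, the 1 to 4 byte sample widths, the constructed input and the 32-bit int are assumptions.

```c
#include <limits.h>
#include <stdio.h>

/* Hypothetical helper (not CPython code): bytes needed to convert a fragment
 * of `len` bytes from `size`-byte samples to `size2`-byte samples.
 * Returns 0 and stores the length in *out, or -1 if the input is invalid
 * or the result does not fit in an int. */
int converted_len_checked(int len, int size, int size2, int *out)
{
    if (len < 0 || size < 1 || size > 4 || size2 < 1 || size2 > 4)
        return -1;
    if (len % size != 0)
        return -1;                      /* not a whole number of samples */
    int nsamples = len / size;
    /* Test before multiplying: nsamples * size2 fits iff
     * nsamples <= INT_MAX / size2 (size2 is positive here). */
    if (nsamples > INT_MAX / size2)
        return -1;
    *out = nsamples * size2;
    return 0;
}

/* The value a wrapping 32-bit multiplication yields, computed in unsigned
 * arithmetic so this demonstration has no undefined behaviour. */
unsigned int wrapped_len(int len, int size, int size2)
{
    return (unsigned int)(len / size) * (unsigned int)size2;
}

/* A test made after the multiplication ("is the result negative?") only
 * sees the wrapped value. Returns 1 when such a test would accept it. */
int post_multiply_check_accepts(int len, int size, int size2)
{
    return wrapped_len(len, size, size2) <= (unsigned int)INT_MAX;
}

int main(void)
{
    int len = 0x40000001, out = 0;      /* constructed input: 1-byte -> 4-byte */
    printf("wrapped length: %u bytes for %d samples\n",
           wrapped_len(len, 1, 4), len);
    printf("post-multiply check accepts: %d\n",
           post_multiply_check_accepts(len, 1, 4));
    printf("pre-multiply check returns: %d\n",
           converted_len_checked(len, 1, 4, &out));
    return 0;
}
```

With the constructed input the wrapped length is 4 bytes, which a negative-result test accepts, while the division-based test rejects the request before any buffer is sized.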
Dates:
Disclosure date: 2010-05-10 (Python issue bpo-8674 reported)
Python 2.6.6 (2010-08-23) fixed by commit 7ceb497 (branch 2.6) (2010-05-11)
Python 2.7.0 (2010-07-03) fixed by commit 11bb2cd (branch 2.7) (2010-05-11)
Python 3.1.3 (2010-11-27) fixed by commit ee289e6 (branch 3.1) (2010-05-11)
Python 3.2.0 (2011-02-20) fixed by commit 393b97a (branch 3.2) (2010-05-11)
audioop: incorrect integer overflow checks.
Python issue: bpo-8674
Creation date: 2010-05-10
Reporter: Tomas Hoger
Multiple integer overflows in audioop.c in the audioop module in Python 2.6, 2.7, 3.1, and 3.2 allow context-dependent attackers to cause a denial of service (application crash) via a large fragment, as demonstrated by a call to audioop.lin2lin with a long string in the first argument, leading to a buffer overflow. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-3143.5.
CVE ID: CVE-2010-1634
Published: 2010-05-27
CVSS Score: 5.0
Timeline using the disclosure date 2010-05-10 as reference:
2010-05-10: Python issue bpo-8674 reported by Tomas Hoger
2010-05-11 (+1 days): commit 11bb2cd (branch 2.7)
2010-05-11 (+1 days): commit 393b97a (branch 3.2)
2010-05-11 (+1 days): commit 7ceb497 (branch 2.6)
2010-05-11 (+1 days): commit ee289e6 (branch 3.1)
2010-05-27 (+17 days): CVE-2010-1634 published
2010-07-03: Python 2.7.0 released
2010-08-23 (+105 days): Python 2.6.6 released
2010-11-27 (+201 days): Python 3.1.3 released
2011-02-20: Python 3.2.0 released