CVE-2010-2089

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 27-05-2010 09:30

Last modified: - 16-08-2022 03:32

Total changes: - 2

Description

The audioop module in Python 2.7 and 3.2 does not verify the relationships between size arguments and byte string lengths, which allows context-dependent attackers to cause a denial of service (memory corruption and application crash) via crafted arguments, as demonstrated by a call to audioop.reverse with a one-byte string, a different vulnerability than CVE-2010-1634.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:L/Au:N/C:N/I:N/A:P

Low

Attack complexity

Network

Attack vector

Low

Availability

None

Confidentiality

None

Integrity

Privileges required

Scope

User interaction

5.0

Base score

10.0

2.9

Exploitability score

Impact score

Verification logic

Reference

http://bugs.python.org/issue7673
FEDORA-2010-9652-Mailing List, Third Party Advisory
40863-Third Party Advisory, VDB Entry
40194-Third Party Advisory
ADV-2010-1448-Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=598197
ADV-2011-0122-Third Party Advisory
RHSA-2011:0027-Third Party Advisory
42888-Third Party Advisory
SUSE-SR:2010:024-Mailing List, Third Party Advisory
43068-Third Party Advisory
SUSE-SR:2011:002-Mailing List, Third Party Advisory
ADV-2011-0212-Third Party Advisory
http://support.apple.com/kb/HT5002
APPLE-SA-2011-10-12-3-Mailing List, Third Party Advisory
USN-1596-1-Third Party Advisory
USN-1613-2-Third Party Advisory
USN-1613-1-Third Party Advisory
51040-Third Party Advisory
50858-Third Party Advisory
USN-1616-1-Third Party Advisory
51087-Third Party Advisory
51024-Third Party Advisory

Keywords

CVE-2010-2089

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2010-2089

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures