.. _audioop-input-validation:

audioop input validation
========================

.. warning::
   This resource is maintained for historical reference and **does not contain the latest vulnerability info for Python**. The `canonical database for vulnerabilities affecting Python `_ is available on GitHub in the Open Source Vulnerability (OSV) format. This vulnerability can be viewed online at the `Open Source Vulnerability Database `_.

The ``audioop`` module in Python 2.7 and 3.2 does not verify the relationships between size arguments and byte string lengths, which allows context-dependent attackers to cause a denial of service (memory corruption and application crash) via crafted arguments, as demonstrated by a call to ``audioop.reverse()`` with a one-byte string, a different vulnerability than CVE-2010-1634.

Dates:

* Disclosure date: **2010-01-11** (Python issue bpo-7673 reported)

Fixed In
--------

* Python **2.6.6** (2010-08-23) fixed by `commit e9123ef (branch 2.6) `_ (2010-07-03)
* Python **2.7.2** (2011-06-11) fixed by `commit e9123ef (branch 2.6) `_ (2010-07-03)
* Python **3.1.3** (2010-11-27) fixed by `commit 8e42fb7 (branch 3.1) `_ (2010-07-03)
* Python **3.2.0** (2011-02-20) fixed by `commit bc5c54b (branch 3.2) `_ (2010-07-03)

Python issue
------------

audioop: check that length is a multiple of the size.

* Python issue: `bpo-7673 `_
* Creation date: 2010-01-11
* Reporter: STINNER Victor

CVE-2010-2089
-------------

The audioop module in Python 2.7 and 3.2 does not verify the relationships between size arguments and byte string lengths, which allows context-dependent attackers to cause a denial of service (memory corruption and application crash) via crafted arguments, as demonstrated by a call to audioop.reverse with a one-byte string, a different vulnerability than CVE-2010-1634.

* CVE ID: `CVE-2010-2089 `_
* Published: 2010-05-27
* `CVSS Score `_: 5.0

Timeline
--------

Timeline using the disclosure date **2010-01-11** as reference:

* 2010-01-11: `Python issue bpo-7673 `_ reported by STINNER Victor
* 2010-05-27 (**+136 days**): CVE-2010-2089 published
* 2010-07-03 (**+173 days**): `commit 8e42fb7 (branch 3.1) `_
* 2010-07-03 (**+173 days**): `commit bc5c54b (branch 3.2) `_
* 2010-07-03 (**+173 days**): `commit e9123ef (branch 2.6) `_
* 2010-08-23 (**+224 days**): Python 2.6.6 released
* 2010-11-27 (**+320 days**): Python 3.1.3 released
* 2011-02-20: Python 3.2.0 released
* 2011-06-11 (**+516 days**): Python 2.7.2 released

Links
-----

* https://nvd.nist.gov/vuln/detail/CVE-2010-1634/
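The check that bpo-7673 describes ("length is a multiple of the size"), shown here as an added pure-Python model rather than the CPython C fix: the sample width must be one the module supports (assumed to be 1, 2 or 4 bytes, the widths ``audioop`` handled at the time), and the byte string must be a whole number of samples, otherwise the one-byte ``reverse()`` call from the CVE would index past the end of the buffer. The function names and error messages below are my own, not CPython's.

```python
"""Added illustration of the audioop length check from bpo-7673.

Not CPython's code: it models the validation the fix added, in front of a
pure-Python stand-in for audioop.reverse().
"""

SUPPORTED_WIDTHS = (1, 2, 4)  # assumption: widths audioop accepted when the fix landed


def check_fragment(fragment: bytes, width: int) -> None:
    """Raise ValueError unless `fragment` is a whole number of `width`-byte samples.

    Wording of the messages is illustrative, not CPython's.
    """
    if width not in SUPPORTED_WIDTHS:
        raise ValueError(f"unsupported sample width: {width}")
    if len(fragment) % width != 0:
        raise ValueError(
            f"{len(fragment)} bytes is not a whole number of {width}-byte samples"
        )


def is_valid_fragment(fragment: bytes, width: int) -> bool:
    """Boolean form of check_fragment, for filtering untrusted input up front."""
    try:
        check_fragment(fragment, width)
    except ValueError:
        return False
    return True


def safe_reverse(fragment: bytes, width: int) -> bytes:
    """Model of audioop.reverse(): reverse the order of the samples.

    Validating first is what keeps reverse(b"\\x00", 2), the CVE's one-byte
    case, from reading a second byte that the buffer does not contain.
    """
    check_fragment(fragment, width)
    samples = [fragment[i:i + width] for i in range(0, len(fragment), width)]
    return b"".join(reversed(samples))


if __name__ == "__main__":
    print(safe_reverse(b"\x01\x02\x03\x04", 2))  # b'\x03\x04\x01\x02'
    print(is_valid_fragment(b"\x00", 2))         # False
```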