.. _audioop-integer-overflows:

audioop integer overflows
=========================

.. warning::

   This resource is maintained for historical reference and **does not contain
   the latest vulnerability info for Python**. The `canonical database for
   vulnerabilities affecting Python`_ is available on GitHub in the Open Source
   Vulnerability (OSV) format. This vulnerability can be viewed online at the
   `Open Source Vulnerability Database`_.

Multiple integer overflows in ``audioop.c`` in the ``audioop`` module in Python
2.6, 2.7, 3.1, and 3.2 allow context-dependent attackers to cause a denial of
service (application crash) via a large fragment, as demonstrated by a call to
``audioop.lin2lin`` with a long string in the first argument, leading to a
buffer overflow. NOTE: this vulnerability exists because of an incorrect fix
for CVE-2008-3143.

Dates:

* Disclosure date: **2010-05-10** (Python issue bpo-8674 reported)

Fixed In
--------

* Python **2.6.6** (2010-08-23) fixed by `commit 7ceb497 (branch 2.6)`_ (2010-05-11)
* Python **2.7.0** (2010-07-03) fixed by `commit 11bb2cd (branch 2.7)`_ (2010-05-11)
* Python **3.1.3** (2010-11-27) fixed by `commit ee289e6 (branch 3.1)`_ (2010-05-11)
* Python **3.2.0** (2011-02-20) fixed by `commit 393b97a (branch 3.2)`_ (2010-05-11)

Python issue
------------

audioop: incorrect integer overflow checks.

* Python issue: `bpo-8674`_
* Creation date: 2010-05-10
* Reporter: Tomas Hoger

CVE-2010-1634
-------------

Multiple integer overflows in audioop.c in the audioop module in Python 2.6,
2.7, 3.1, and 3.2 allow context-dependent attackers to cause a denial of
service (application crash) via a large fragment, as demonstrated by a call to
audioop.lin2lin with a long string in the first argument, leading to a buffer
overflow. NOTE: this vulnerability exists because of an incorrect fix for
CVE-2008-3143.

* CVE ID: `CVE-2010-1634`_
* Published: 2010-05-27
* `CVSS Score`_: 5.0

Timeline
--------

Timeline using the disclosure date **2010-05-10** as reference:

* 2010-05-10: `Python issue bpo-8674`_ reported by Tomas Hoger
* 2010-05-11 (**+1 days**): `commit 11bb2cd (branch 2.7)`_
* 2010-05-11 (**+1 days**): `commit 393b97a (branch 3.2)`_
* 2010-05-11 (**+1 days**): `commit 7ceb497 (branch 2.6)`_
* 2010-05-11 (**+1 days**): `commit ee289e6 (branch 3.1)`_
* 2010-05-27 (**+17 days**): CVE-2010-1634 published
* 2010-07-03: Python 2.7.0 released
* 2010-08-23 (**+105 days**): Python 2.6.6 released
* 2010-11-27 (**+201 days**): Python 3.1.3 released
* 2011-02-20: Python 3.2.0 released

Links
-----

* https://nvd.nist.gov/vuln/detail/CVE-2008-3143/
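The bug class behind this advisory is an output-size computation for a sample-width conversion (the kind ``audioop.lin2lin`` performs) whose overflow check runs only after the multiplication has already wrapped. The following is an added illustration written for this page, not CPython's ``audioop.c`` and not the fix from bpo-8674: ``naive_out_len`` shows why a "result is negative" style guard cannot catch a wrapped length, and ``checked_out_len`` shows the defensive form, which validates the widths first and tests for overflow by division before multiplying. The accepted sample widths (1, 2 and 4 bytes) and the function names are assumptions of the example.

```c
/* Added example (not CPython code): computing the output length of a
 * width-w1 -> width-w2 sample conversion, first the fragile way and then
 * with an overflow check that runs before any arithmetic can wrap. */
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Fragile pattern: multiply first, check afterwards. 32-bit unsigned
 * arithmetic is used here so the wraparound is well defined and observable;
 * a signed int with an `out < 0` guard has the same flaw, because the
 * wrapped product is a small positive number and passes the guard. The
 * caller would then allocate `out` bytes but write far more. */
static uint32_t naive_out_len(uint32_t len, int w1, int w2)
{
    uint32_t out = len * (uint32_t)w2 / (uint32_t)w1;  /* may wrap */
    return out;
}

/* Assumed set of supported sample widths for this example. */
static bool valid_width(int w)
{
    return w == 1 || w == 2 || w == 4;
}

/* Defensive pattern: reject bad widths and ragged fragments, then make
 * sure nsamples * w2 fits in size_t *before* computing it. Returns false
 * when the input must be refused; *out is only written on success. */
static bool checked_out_len(size_t len, int w1, int w2, size_t *out)
{
    if (!valid_width(w1) || !valid_width(w2))
        return false;
    if (len % (size_t)w1 != 0)           /* not a whole number of samples */
        return false;
    size_t nsamples = len / (size_t)w1;
    if (nsamples > SIZE_MAX / (size_t)w2) /* nsamples * w2 would overflow */
        return false;
    *out = nsamples * (size_t)w2;
    return true;
}

int main(void)
{
    /* Constructed inputs: a small fragment and an oversized length. */
    size_t out = 0;
    if (checked_out_len(8, 2, 4, &out))
        printf("8 bytes of 16-bit samples -> %zu bytes of 32-bit samples\n", out);
    if (!checked_out_len(SIZE_MAX - 3, 1, 4, &out))
        printf("oversized fragment rejected before any allocation\n");
    printf("naive computation for a large fragment: %u bytes\n",
           naive_out_len(0x40000001u, 1, 4));
    return 0;
}
```

The division-based test is the standard way to pre-check a product without relying on signed overflow, which is undefined behaviour in C and cannot be detected reliably after the fact.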