audioop input validation
Warning
This resource is maintained for historical reference and does not contain the latest vulnerability info for Python.
The canonical database for vulnerabilities affecting Python is available on GitHub in the Open Source Vulnerability (OSV) format. This vulnerability can be viewed online at the Open Source Vulnerability Database.
The audioop module in Python 2.7 and 3.2 does not verify the relationships between size arguments and byte string lengths, which allows context-dependent attackers to cause a denial of service (memory corruption and application crash) via crafted arguments, as demonstrated by a call to audioop.reverse() with a one-byte string, a different vulnerability than CVE-2010-1634.
Dates:
- Disclosure date: 2010-01-11 (Python issue bpo-7673 reported)
Fixed In
- Python 2.6.6 (2010-08-23) fixed by commit e9123ef (branch 2.6) (2010-07-03)
- Python 2.7.2 (2011-06-11) fixed by commit e9123ef (branch 2.6) (2010-07-03)
- Python 3.1.3 (2010-11-27) fixed by commit 8e42fb7 (branch 3.1) (2010-07-03)
- Python 3.2.0 (2011-02-20) fixed by commit bc5c54b (branch 3.2) (2010-07-03)
Python issue
audioop: check that length is a multiple of the size.
- Python issue: bpo-7673
- Creation date: 2010-01-11
- Reporter: STINNER Victor
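The check named in the issue title, sketched in C as an added example; it is not CPython's audioop.c code. The function names, the accepted sample widths (1, 2, 4) and the 2-byte width paired with the one-byte fragment are assumptions of this sketch.

```c
#include <stddef.h>
#include <string.h>

/* Constructed input: two 16-bit samples, plus a scratch output buffer. */
static const unsigned char SAMPLE_PCM[4] = {0x01, 0x02, 0x03, 0x04};
static unsigned char sample_out[4];

/* Sample widths accepted by this sketch (an assumption): 1, 2 or 4 bytes. */
static int check_size(int size) {
    return size == 1 || size == 2 || size == 4;
}

/* The check named in the issue title: length must be a multiple of size. */
static int check_parameters(size_t len, int size) {
    return check_size(size) && len % (size_t)size == 0;
}

/* Copy the samples of `in` (len bytes, `size` bytes each) into `out`
 * (len bytes) in reverse order. Returns 0 on success, -1 on bad arguments.
 * Without the check, len=1 with size=2 makes the destination offset
 * len - size wrap around, so the copy lands outside `out`. */
int reverse_samples(const unsigned char *in, size_t len, int size,
                    unsigned char *out) {
    if (in == NULL || out == NULL || !check_parameters(len, size))
        return -1;
    for (size_t i = 0; i < len; i += (size_t)size)
        memcpy(out + (len - i - (size_t)size), in + i, (size_t)size);
    return 0;
}

int main(void) {
    int ok = reverse_samples(SAMPLE_PCM, sizeof SAMPLE_PCM, 2, sample_out);
    /* The advisory's one-byte fragment, here with an assumed 2-byte width. */
    int rejected = reverse_samples(SAMPLE_PCM, 1, 2, sample_out);
    return (ok == 0 && rejected == -1) ? 0 : 1;
}
```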
CVE-2010-2089
The audioop module in Python 2.7 and 3.2 does not verify the relationships between size arguments and byte string lengths, which allows context-dependent attackers to cause a denial of service (memory corruption and application crash) via crafted arguments, as demonstrated by a call to audioop.reverse with a one-byte string, a different vulnerability than CVE-2010-1634.
- CVE ID: CVE-2010-2089
- Published: 2010-05-27
- CVSS Score: 5.0
Timeline
Timeline using the disclosure date 2010-01-11 as reference:
- 2010-01-11: Python issue bpo-7673 reported by STINNER Victor
- 2010-05-27 (+136 days): CVE-2010-2089 published
- 2010-07-03 (+173 days): commit 8e42fb7 (branch 3.1)
- 2010-07-03 (+173 days): commit bc5c54b (branch 3.2)
- 2010-07-03 (+173 days): commit e9123ef (branch 2.6)
- 2010-08-23 (+224 days): Python 2.6.6 released
- 2010-11-27 (+320 days): Python 3.1.3 released
- 2011-02-20: Python 3.2.0 released
- 2011-06-11 (+516 days): Python 2.7.2 released