audioop integer overflows
Warning
This resource is maintained for historical reference and does not contain the latest vulnerability info for Python.
The canonical database for vulnerabilities affecting Python is available on GitHub in the Open Source Vulnerability (OSV) format. This vulnerability can be viewed online at the Open Source Vulnerability Database.
Multiple integer overflows in audioop.c in the audioop module in Python 2.6, 2.7, 3.1, and 3.2 allow context-dependent attackers to cause a denial of service (application crash) via a large fragment, as demonstrated by a call to audioop.lin2lin with a long string in the first argument, leading to a buffer overflow.
NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-3143.
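The class of mistake this page records under the issue title "incorrect integer overflow checks" can be illustrated with an output-length calculation for a sample-width conversion. This is an added example, not code from audioop.c or from the CPython commits listed on this page; the function names, the multiply-then-test-sign shape of the weak check, and the sample lengths and widths are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Model 32-bit int wraparound without relying on undefined behaviour. */
static int32_t wrap32(int64_t v)
{
    uint32_t u = (uint32_t)v;               /* reduction modulo 2^32 */
    return u >= 0x80000000u ? -(int32_t)(~u) - 1 : (int32_t)u;
}

/* Weak pattern (illustrative): multiply first, test the sign afterwards.
 * Returns the output length, or -1 if rejected. Assumes size > 0. */
int32_t out_len_weak(int32_t len, int32_t size, int32_t size2)
{
    int32_t n = wrap32((int64_t)(len / size) * size2);
    return n < 0 ? -1 : n;                  /* misses wraps that land >= 0 */
}

/* Checked pattern: prove the product fits before computing it. */
int32_t out_len_checked(int32_t len, int32_t size, int32_t size2)
{
    if (len < 0 || size <= 0 || size2 <= 0)
        return -1;
    int32_t frames = len / size;
    if (frames > INT32_MAX / size2)         /* frames * size2 would overflow */
        return -1;
    return frames * size2;
}

int main(void)
{
    /* Constructed inputs: fragment length in bytes, width 1 converted to 4. */
    int32_t lens[] = { 1000, 0x20000000, 0x40000001 };
    for (int i = 0; i < 3; i++)
        printf("len=%ld weak=%ld checked=%ld\n", (long)lens[i],
               (long)out_len_weak(lens[i], 1, 4),
               (long)out_len_checked(lens[i], 1, 4));
    return 0;
}
```

For the third input the weak check accepts a 4-byte output length for a fragment of over a gigabyte, which is how an undersized buffer ends up being written past its end; the pre-multiplication bound rejects it.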
Dates:
- Disclosure date: 2010-05-10 (Python issue bpo-8674 reported)
Fixed In
- Python 2.6.6 (2010-08-23) fixed by commit 7ceb497 (branch 2.6) (2010-05-11)
- Python 2.7.0 (2010-07-03) fixed by commit 11bb2cd (branch 2.7) (2010-05-11)
- Python 3.1.3 (2010-11-27) fixed by commit ee289e6 (branch 3.1) (2010-05-11)
- Python 3.2.0 (2011-02-20) fixed by commit 393b97a (branch 3.2) (2010-05-11)
Python issue
audioop: incorrect integer overflow checks.
- Python issue: bpo-8674
- Creation date: 2010-05-10
- Reporter: Tomas Hoger
CVE-2010-1634
Multiple integer overflows in audioop.c in the audioop module in Python 2.6, 2.7, 3.1, and 3.2 allow context-dependent attackers to cause a denial of service (application crash) via a large fragment, as demonstrated by a call to audioop.lin2lin with a long string in the first argument, leading to a buffer overflow. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-3143.5.
- CVE ID: CVE-2010-1634
- Published: 2010-05-27
- CVSS Score: 5.0
Timeline
Timeline using the disclosure date 2010-05-10 as reference:
- 2010-05-10: Python issue bpo-8674 reported by Tomas Hoger
- 2010-05-11 (+1 days): commit 11bb2cd (branch 2.7)
- 2010-05-11 (+1 days): commit 393b97a (branch 3.2)
- 2010-05-11 (+1 days): commit 7ceb497 (branch 2.6)
- 2010-05-11 (+1 days): commit ee289e6 (branch 3.1)
- 2010-05-27 (+17 days): CVE-2010-1634 published
- 2010-07-03: Python 2.7.0 released
- 2010-08-23 (+105 days): Python 2.6.6 released
- 2010-11-27 (+201 days): Python 3.1.3 released
- 2011-02-20: Python 3.2.0 released