audioop integer overflows¶
Multiple integer overflows in audioop.c
in the audioop
module in Python
2.6, 2.7, 3.1, and 3.2 allow context-dependent attackers to cause a denial
of service (application crash) via a large fragment, as demonstrated by a
call to audioop.lin2lin with a long string in the first argument, leading
to a buffer overflow.
NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-3143.
- Disclosure date: 2010-05-10 (Python issue bpo-8674 reported)
Fixed In¶
- Python 2.6.6 (2010-08-24) fixed by commit 7ceb497 (branch 2.6) (2010-05-11)
- Python 2.7.0 (2010-07-03) fixed by commit 11bb2cd (branch 2.7) (2010-05-11)
- Python 3.1.3 (2010-11-27) fixed by commit ee289e6 (branch 3.1) (2010-05-11)
- Python 3.2.0 (2011-02-20) fixed by commit 393b97a (branch 3.2) (2010-05-11)
Python issue¶
audioop: incorrect integer overflow checks.
- Python issue: bpo-8674
- Creation date: 2010-05-10
- Reporter: Tomas Hoger
CVE-2010-1634¶
Multiple integer overflows in audioop.c in the audioop module in Python 2.6, 2.7, 3.1, and 3.2 allow context-dependent attackers to cause a denial of service (application crash) via a large fragment, as demonstrated by a call to audioop.lin2lin with a long string in the first argument, leading to a buffer overflow. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-3143.5.
- CVE ID: CVE-2010-1634
- Published: 2010-05-27
- CVSS Score: 5.0
Timeline¶
Timeline using the disclosure date 2010-05-10 as reference:
- 2010-05-10: Python issue bpo-8674 reported by Tomas Hoger
- 2010-05-11 (+1 days): commit 11bb2cd (branch 2.7)
- 2010-05-11 (+1 days): commit 393b97a (branch 3.2)
- 2010-05-11 (+1 days): commit 7ceb497 (branch 2.6)
- 2010-05-11 (+1 days): commit ee289e6 (branch 3.1)
- 2010-05-27 (+17 days): CVE-2010-1634 published
- 2010-07-03: Python 2.7.0 released
- 2010-08-24 (+106 days): Python 2.6.6 released
- 2010-11-27 (+201 days): Python 3.1.3 released
- 2011-02-20: Python 3.2.0 released