CVE-2010-2089: audioop input validation

The audioop module in Python 2.7 and 3.2 does not verify the relationships between size arguments and byte string lengths, which allows context-dependent attackers to cause a denial of service (memory corruption and application crash) via crafted arguments, as demonstrated by a call to audioop.reverse() with a one-byte string, a different vulnerability than CVE-2010-1634.

  • Disclosure date: 2010-01-11 (Python issue bpo-7673 reported)

Fixed In

Python issue

audioop: check that length is a multiple of the size.

  • Python issue: bpo-7673
  • Creation date: 2010-01-11
  • Reporter: STINNER Victor
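
The check named in the issue title, "length is a multiple of the size", shown as an added example: a pure-Python model of a reverse operation that validates the fragment against its declared sample width before touching any sample. This is not CPython's C code or the actual patch; the names check_fragment, reverse, try_reverse and AudioFragmentError, the width set, and the width of 2 used with the one-byte input are assumptions made for illustration.

```python
# Added example: models the length/width validation; not the audioop C source.
VALID_WIDTHS = (1, 2, 4)  # assumed set of sample widths (bytes per sample)


class AudioFragmentError(ValueError):
    """Raised when a fragment and its declared sample width disagree."""


def check_fragment(fragment, width):
    """Return the number of whole samples, or raise if the sizes are inconsistent."""
    if not isinstance(fragment, (bytes, bytearray)):
        raise TypeError("fragment must be bytes or bytearray")
    if width not in VALID_WIDTHS:
        raise AudioFragmentError("width must be one of %r" % (VALID_WIDTHS,))
    length = len(fragment)
    if length % width != 0:
        # Without this test a sample-wise loop would index past the buffer.
        raise AudioFragmentError(
            "length %d is not a whole number of %d-byte samples" % (length, width))
    return length // width


def reverse(fragment, width):
    """Reverse the order of samples, keeping each sample's bytes intact."""
    count = check_fragment(fragment, width)  # validate before any indexing
    data = bytes(fragment)
    out = bytearray(len(data))
    for i in range(count):
        src = i * width
        dst = (count - 1 - i) * width
        out[dst:dst + width] = data[src:src + width]
    return bytes(out)


def try_reverse(fragment, width):
    """Return (ok, result_or_message) so a caller can log rejected input."""
    try:
        return True, reverse(fragment, width)
    except (AudioFragmentError, TypeError) as exc:
        return False, str(exc)


if __name__ == "__main__":
    # Constructed inputs: two 16-bit samples, then a one-byte fragment
    # declared as 16-bit, the mismatch the CVE description refers to.
    print(try_reverse(b"\x01\x02\x03\x04", 2))
    print(try_reverse(b"\x00", 2))
```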

CVE-2010-2089

The audioop module in Python 2.7 and 3.2 does not verify the relationships between size arguments and byte string lengths, which allows context-dependent attackers to cause a denial of service (memory corruption and application crash) via crafted arguments, as demonstrated by a call to audioop.reverse with a one-byte string, a different vulnerability than CVE-2010-1634.

Timeline

Timeline using the disclosure date 2010-01-11 as reference: