ID CVE-2010-1634
Summary Multiple integer overflows in audioop.c in the audioop module in Python 2.6, 2.7, 3.1, and 3.2 allow context-dependent attackers to cause a denial of service (application crash) via a large fragment, as demonstrated by a call to audioop.lin2lin with a long string in the first argument, leading to a buffer overflow. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-3143.5.
References
Vulnerable Configurations
  • cpe:2.3:a:python:python:3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.2:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 25-10-2019 - 11:53)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: NONE
  • Integrity: NONE
  • Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
redhat via4
advisories
rhsa
id RHSA-2011:0027
rpms
  • python-0:2.4.3-43.el5
  • python-debuginfo-0:2.4.3-43.el5
  • python-devel-0:2.4.3-43.el5
  • python-libs-0:2.4.3-43.el5
  • python-tools-0:2.4.3-43.el5
  • tkinter-0:2.4.3-43.el5
  • python-0:2.3.4-14.10.el4
  • python-debuginfo-0:2.3.4-14.10.el4
  • python-devel-0:2.3.4-14.10.el4
  • python-docs-0:2.3.4-14.10.el4
  • python-tools-0:2.3.4-14.10.el4
  • tkinter-0:2.3.4-14.10.el4
refmap via4
apple APPLE-SA-2011-10-12-3
bid 40370
confirm
fedora FEDORA-2010-9652
secunia
  • 39937
  • 40194
  • 42888
  • 43068
  • 50858
  • 51024
  • 51040
  • 51087
suse
  • SUSE-SR:2010:024
  • SUSE-SR:2011:002
ubuntu
  • USN-1596-1
  • USN-1613-1
  • USN-1613-2
  • USN-1616-1
vupen
  • ADV-2010-1448
  • ADV-2011-0122
  • ADV-2011-0212
Last major update 25-10-2019 - 11:53
Published 27-05-2010 - 19:30
Last modified 25-10-2019 - 11:53