CVE-2010-1634

Severity

50%

Complexity

99%

Confidentiality

48%

Multiple integer overflows in audioop.c in the audioop module in Python 2.6, 2.7, 3.1, and 3.2 allow context-dependent attackers to cause a denial of service (application crash) via a large fragment, as demonstrated by a call to audioop.lin2lin with a long string in the first argument, leading to a buffer overflow. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-3143.5.

Multiple integer overflows in audioop.c in the audioop module in Python 2.6, 2.7, 3.1, and 3.2 allow context-dependent attackers to cause a denial of service (application crash) via a large fragment, as demonstrated by a call to audioop.lin2lin with a long string in the first argument, leading to a buffer overflow. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-3143.5.

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P).

Overview

Type

Python

First reported 14 years ago

2010-05-27 19:30:00

Last updated 5 years ago

2019-10-25 11:53:00

Affected Software

Python 3.1

3.1

Python 3.2

3.2

References

http://bugs.python.org/issue8674

Patch

APPLE-SA-2011-10-12-3

FEDORA-2010-9652

SUSE-SR:2010:024

SUSE-SR:2011:002

39937

Vendor Advisory

40194

42888

43068

50858

51024

51040

51087

http://support.apple.com/kb/HT5002

http://svn.python.org/view?rev=81045&view=rev

Patch

http://svn.python.org/view?rev=81079&view=rev

Patch

RHSA-2011:0027

40370

USN-1596-1

USN-1613-1

USN-1613-2

USN-1616-1

ADV-2010-1448

ADV-2011-0122

ADV-2011-0212

https://bugzilla.redhat.com/show_bug.cgi?id=590690

Patch

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.