Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2010-2089

Published: 27/05/2010 Updated: 16/08/2022
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Python

Vulnerability Summary

The audioop module in Python 2.7 and 3.2 does not verify the relationships between size arguments and byte string lengths, which allows context-dependent malicious users to cause a denial of service (memory corruption and application crash) via crafted arguments, as demonstrated by a call to audioop.reverse with a one-byte string, a different vulnerability than CVE-2010-1634.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

python python

Vendor Advisories

Debian CVElist Bug Report Logs: CVE-2010-1634 and CVE-2010-2089
Debian Bug report logs - #599739 CVE-2010-1634 and CVE-2010-2089 Package: python25; Maintainer for python25 is (unknown); Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Sun, 10 Oct 2010 17:33:02 UTC Severity: grave Tags: security Fixed in version python25/255-9 Done: Matthias Klose <doko@debianorg> B ...
Ubuntu Security Notice: python2.4 vulnerabilities
Several security issues were fixed in Python 24 ...
Ubuntu Security Notice: python3.1 vulnerabilities
Several security issues were fixed in Python 31 ...
Ubuntu Security Notice: python2.5 vulnerabilities
Several security issues were fixed in Python 25 ...
Ubuntu Security Notice: python2.6 vulnerabilities
Several security issues were fixed in Python 26 ...

Exploits

Exploit DB: Python 3.2 - 'audioop' Module Memory Corruption
source: wwwsecurityfocuscom/bid/40863/info The 'audioop' module for Python is prone to a memory-corruption vulnerability An attacker can exploit this issue to execute arbitrary code within the context of the affected application Failed exploit attempts will result in a denial-of-service condition $ python -c "import audioop; audioop ...

References

CWE-787http://bugs.python.org/issue7673http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042751.htmlhttp://www.securityfocus.com/bid/40863http://secunia.com/advisories/40194http://www.vupen.com/english/advisories/2010/1448https://bugzilla.redhat.com/show_bug.cgi?id=598197http://www.vupen.com/english/advisories/2011/0122http://www.redhat.com/support/errata/RHSA-2011-0027.htmlhttp://secunia.com/advisories/42888http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.htmlhttp://secunia.com/advisories/43068http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.htmlhttp://www.vupen.com/english/advisories/2011/0212http://support.apple.com/kb/HT5002http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.htmlhttp://www.ubuntu.com/usn/USN-1596-1http://www.ubuntu.com/usn/USN-1613-2http://www.ubuntu.com/usn/USN-1613-1http://secunia.com/advisories/51040http://secunia.com/advisories/50858http://www.ubuntu.com/usn/USN-1616-1http://secunia.com/advisories/51087http://secunia.com/advisories/51024https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=599739https://nvd.nist.govhttps://usn.ubuntu.com/1613-2/https://www.exploit-db.com/exploits/34145/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22120CVE-2024-35921CVE-2024-35874brute forceCVE-2024-36080unprivilegedCVE-2024-35917IDORCVE-2024-4947
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook