Description

The audioop module in Python 2.7 and 3.2 does not verify the relationships between size arguments and byte string lengths, which allows context-dependent attackers to cause a denial of service (memory corruption and application crash) via crafted arguments, as demonstrated by a call to audioop.reverse with a one-byte string, a different vulnerability than CVE-2010-1634.

Remediation

References

CVE-2010-2089

Related Vulnerabilities

MyBB Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2011-5131)

WordPress Plugin Track That Stat 'data' Parameter Cross-Site Scripting (1.0.8)

Squid Improper Input Validation Vulnerability (CVE-2009-2855)

Oracle JRE CVE-2022-21299 Vulnerability (CVE-2022-21299)

Oracle Application Server CVE-2007-0280 Vulnerability (CVE-2007-0280)

Severity

Medium

Classification

CVE-2010-2089 CWE-119

Tags

Missing Update Known Vulnerabilities