CVE-2010-1634
27.05.2010, 19:30
Multiple integer overflows in audioop.c in the audioop module in Python 2.6, 2.7, 3.1, and 3.2 allow context-dependent attackers to cause a denial of service (application crash) via a large fragment, as demonstrated by a call to audioop.lin2lin with a long string in the first argument, leading to a buffer overflow. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-3143.5.Enginsight
| Vendor | Product | Version |
|---|---|---|
| python | python | 2.5.0 ≤ 𝑥 < 2.5.6 |
| python | python | 2.6.0 ≤ 𝑥 < 2.6.6 |
| python | python | 3.1.0 ≤ 𝑥 < 3.1.3 |
| opensuse | opensuse | 11.2 |
| opensuse | opensuse | 11.3 |
| canonical | ubuntu_linux | 8.04 |
| canonical | ubuntu_linux | 10.04 |
| canonical | ubuntu_linux | 11.04 |
| canonical | ubuntu_linux | 11.10 |
𝑥
= Vulnerable software versions
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| python2.4 |
| ||||||||||||||||||||
| python2.5 |
| ||||||||||||||||||||
| python2.6 |
| ||||||||||||||||||||
| python2.7 |
| ||||||||||||||||||||
| python3.1 |
| ||||||||||||||||||||
| python3.2 |
|
References