PT-2010-3297 · Python+1 · Python+1

Tomas Hoger

Published

2010-05-27

Updated

2023-02-13

CVE-2010-1634

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions Python versions 2.6 through 3.2

Description The issue is caused by multiple integer overflows in the audioop module, specifically in the audioop.c file. This allows context-dependent attackers to cause a denial of service, resulting in an application crash, by providing a large fragment. For example, calling audioop.lin2lin with a long string in the first argument can lead to a buffer overflow. This vulnerability exists due to an incorrect fix for a previous issue.

Recommendations For Python versions 2.6 through 3.2, consider applying a patch or fix to address the integer overflows in the audioop module. As a temporary workaround, restrict the use of the audioop.lin2lin function with large input strings to minimize the risk of a denial of service.

Fix

DoS

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190

Related Identifiers

CVE-2010-1634

PSF-2010-4

RHSA-2011:0027

RHSA-2011:0491

RHSA-2011_0027

RHSA-2011_0491

Affected Products

Python

Red Hat

PT-2010-3297 · Python+1 · Python+1

CVE-2010-1634

Weakness Enumeration

Related Identifiers

Affected Products

References · 51