Computer Security
[EN] securityvulns.ru no-pyccku


python security vulnerabilities
Published:17.07.2010
Source:
SecurityVulns ID:11004
Type:library
Threat Level:
5/10
Description:Buffer overflow in audioop.lin2lin, memory corruption in audioop.reverse.
Affected:PYTHOH : python 2.7
 PYTHON : python 3.2
CVE:CVE-2010-2089 (The audioop module in Python 2.7 and 3.2 does not verify the relationships between size arguments and byte string lengths, which allows context-dependent attackers to cause a denial of service (memory corruption and application crash) via crafted arguments, as demonstrated by a call to audioop.reverse with a one-byte string, a different vulnerability than CVE-2010-1634.)
 CVE-2010-1634 (Multiple integer overflows in audioop.c in the audioop module in Python 2.6, 2.7, 3.1, and 3.2 allow context-dependent attackers to cause a denial of service (application crash) via a large fragment, as demonstrated by a call to audioop.lin2lin with a long string in the first argument, leading to a buffer overflow. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-3143.5.)
Original documentdocumentMANDRIVA, [ MDVSA-2010:132 ] python (17.07.2010)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod