CVE-2010-2089
published 2010-05-27CVE-2010-2089: The audioop module in Python 2.7 and 3.2 does not verify the relationships between size arguments and byte string lengths, which allows context-dependent…
PriorityP430medium5CVSS 2.0
AVNACLAuNCNINAP
EXPLOIT
EPSS
14.64%
96.2th percentile
The audioop module in Python 2.7 and 3.2 does not verify the relationships between size arguments and byte string lengths, which allows context-dependent attackers to cause a denial of service (memory corruption and application crash) via crafted arguments, as demonstrated by a call to audioop.reverse with a one-byte string, a different vulnerability than CVE-2010-1634.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | python2.7 | < python2.7 2.7-1 (bullseye) | python2.7 2.7-1 (bullseye) |
| python | python | >= 2.5.0 < 2.5.6 | 2.5.6 |
| python | python | >= 2.6.0 < 2.6.6 | 2.6.6 |
| python | python | >= 3.1.0 < 3.1.3 | 3.1.3 |
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
osv5.0MEDIUM
vendor_ubuntu6.9MEDIUM
vendor_debian5.0LOW
vendor_redhat5.0MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
Python 3.1 vulnerabilities
vendor_ubuntu·2012-10-24·CVSS 6.9
CVE-2008-5983 [MEDIUM] Python 3.1 vulnerabilities
Title: Python 3.1 vulnerabilities
Summary: Several security issues were fixed in Python 3.1.
It was discovered that Python would prepend an empty string to sys.path
under certain circumstances. A local attacker with write access to the
current working directory could exploit this to execute arbitrary code.
This issue only affected Ubuntu 10.04 LTS. (CVE-2008-5983)
It was discovered that the audioop module did not correctly perform input
validation. If a user or automatated system were tricked into opening a
crafted audio file, an attacker could cause a denial of service via
application crash. These issues only affected Ubuntu 10.04 LTS.
(CVE-2010-1634, CVE-2010-2089)
It was discovered that Python distutils contained a race condition when
creating the ~/.pypirc file. A local attacker co
Ubuntu
Python 2.5 vulnerabilities
vendor_ubuntu·2012-10-17·CVSS 6.9
CVE-2008-5983 [MEDIUM] Python 2.5 vulnerabilities
Title: Python 2.5 vulnerabilities
Summary: Several security issues were fixed in Python 2.5.
It was discovered that Python would prepend an empty string to sys.path
under certain circumstances. A local attacker with write access to the
current working directory could exploit this to execute arbitrary code.
(CVE-2008-5983)
It was discovered that the audioop module did not correctly perform input
validation. If a user or automatated system were tricked into opening a
crafted audio file, an attacker could cause a denial of service via
application crash. (CVE-2010-1634, CVE-2010-2089)
Giampaolo Rodola discovered several race conditions in the smtpd module.
A remote attacker could exploit this to cause a denial of service via
daemon outage. (CVE-2010-3493)
It was discovered that the CGIHTT
Ubuntu
Python 2.4 vulnerabilities
vendor_ubuntu·2012-10-17·CVSS 6.9
CVE-2010-2089 [MEDIUM] Python 2.4 vulnerabilities
Title: Python 2.4 vulnerabilities
Summary: Several security issues were fixed in Python 2.4.
USN-1613-1 fixed vulnerabilities in Python 2.5. This update provides the
corresponding updates for Python 2.4.
Original advisory details:
It was discovered that Python would prepend an empty string to sys.path
under certain circumstances. A local attacker with write access to the
current working directory could exploit this to execute arbitrary code.
(CVE-2008-5983)
It was discovered that the audioop module did not correctly perform input
validation. If a user or automatated system were tricked into opening a
crafted audio file, an attacker could cause a denial of service via
application crash. (CVE-2010-1634, CVE-2010-2089)
Giampaolo Rodola discovered several race conditions in the smtpd mod
Ubuntu
Python 2.6 vulnerabilities
vendor_ubuntu·2012-10-04·CVSS 6.9
CVE-2008-5983 [MEDIUM] Python 2.6 vulnerabilities
Title: Python 2.6 vulnerabilities
Summary: Several security issues were fixed in Python 2.6.
It was discovered that Python would prepend an empty string to sys.path
under certain circumstances. A local attacker with write access to the
current working directory could exploit this to execute arbitrary code.
(CVE-2008-5983)
It was discovered that the audioop module did not correctly perform input
validation. If a user or automatated system were tricked into opening a
crafted audio file, an attacker could cause a denial of service via
application crash. (CVE-2010-1634, CVE-2010-2089)
Giampaolo Rodola discovered several race conditions in the smtpd module.
A remote attacker could exploit this to cause a denial of service via
daemon outage. (CVE-2010-3493)
It was discovered that the CGIHTT
Red Hat
Python: Memory corruption in audioop module
vendor_redhat·2010-01-11·CVSS 5.0
CVE-2010-2089 [MEDIUM] Python: Memory corruption in audioop module
Python: Memory corruption in audioop module
The audioop module in Python 2.7 and 3.2 does not verify the relationships between size arguments and byte string lengths, which allows context-dependent attackers to cause a denial of service (memory corruption and application crash) via crafted arguments, as demonstrated by a call to audioop.reverse with a one-byte string, a different vulnerability than CVE-2010-1634.
Package: python (Red Hat Enterprise Linux Extended Update Support 6.0) - Affected
Debian
CVE-2010-2089: python2.7 - The audioop module in Python 2.7 and 3.2 does not verify the relationships betwe...
vendor_debian·2010·CVSS 5.0
CVE-2010-2089 [MEDIUM] CVE-2010-2089: python2.7 - The audioop module in Python 2.7 and 3.2 does not verify the relationships betwe...
The audioop module in Python 2.7 and 3.2 does not verify the relationships between size arguments and byte string lengths, which allows context-dependent attackers to cause a denial of service (memory corruption and application crash) via crafted arguments, as demonstrated by a call to audioop.reverse with a one-byte string, a different vulnerability than CVE-2010-1634.
Scope: local
bullseye: resolved (fixed in 2.7-1)
GHSA
GHSA-8428-fhph-pvrc: The audioop module in Python 2
ghsa_unreviewed·2022-05-13·CVSS 5.0
CVE-2010-2089 [MEDIUM] CWE-119 GHSA-8428-fhph-pvrc: The audioop module in Python 2
The audioop module in Python 2.7 and 3.2 does not verify the relationships between size arguments and byte string lengths, which allows context-dependent attackers to cause a denial of service (memory corruption and application crash) via crafted arguments, as demonstrated by a call to audioop.reverse with a one-byte string, a different vulnerability than CVE-2010-1634.
OSV
CVE-2010-2089: The audioop module in Python 2
osv·2010-05-27·CVSS 5.0
CVE-2010-2089 [MEDIUM] CVE-2010-2089: The audioop module in Python 2
The audioop module in Python 2.7 and 3.2 does not verify the relationships between size arguments and byte string lengths, which allows context-dependent attackers to cause a denial of service (memory corruption and application crash) via crafted arguments, as demonstrated by a call to audioop.reverse with a one-byte string, a different vulnerability than CVE-2010-1634.
No detection rules found.
Bugzilla
CVE-2010-2089 Python: Memory corruption in audioop module [Fedora all]
bugzilla·2010-05-31·CVSS 5.0
CVE-2010-2089 [MEDIUM] CVE-2010-2089 Python: Memory corruption in audioop module [Fedora all]
CVE-2010-2089 Python: Memory corruption in audioop module [Fedora all]
This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected Fedora versions.
For comments that are specific to the vulnerability please use bugs filed against "Security Response" product referenced in "Blocks" field.
bug #598197:
CVE-2010-2089 Python: Memory corruption in audioop module
When creating a Bodhi update request, please include the bug IDs of the respective parent bugs filed against the "Security Response" product. Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=598197
Please note: this issue affects multiple supported vers
Bugzilla
CVE-2010-2089 Python: Memory corruption in audioop module
bugzilla·2010-05-31·CVSS 5.0
CVE-2010-2089 [MEDIUM] CVE-2010-2089 Python: Memory corruption in audioop module
CVE-2010-2089 Python: Memory corruption in audioop module
Common Vulnerabilities and Exposures assigned an identifier CVE-2010-2089 to
the following vulnerability:
The audioop module in Python 2.7 and 3.2 does not verify the
relationships between size arguments and byte string lengths, which
allows context-dependent attackers to cause a denial of service
(memory corruption and application crash) via crafted arguments, as
demonstrated by a call to audioop.reverse with a one-byte string, a
different vulnerability than CVE-2010-1634.
References:
[1] http://bugs.python.org/issue7673
Public PoC (from [1]):
$ python -c "import audioop; audioop.reverse('X', 2)"
Fatal Python error: Inconsistent interned string state.
Abandon
Discussion:
Created attachment 418359
audioop_check_length.patch by
http://bugs.python.org/issue7673http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2010-June/042751.htmlhttp://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.htmlhttp://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.htmlhttp://secunia.com/advisories/40194http://secunia.com/advisories/42888http://secunia.com/advisories/43068http://secunia.com/advisories/50858http://secunia.com/advisories/51024http://secunia.com/advisories/51040http://secunia.com/advisories/51087http://support.apple.com/kb/HT5002http://www.redhat.com/support/errata/RHSA-2011-0027.htmlhttp://www.securityfocus.com/bid/40863http://www.ubuntu.com/usn/USN-1596-1http://www.ubuntu.com/usn/USN-1613-1http://www.ubuntu.com/usn/USN-1613-2http://www.ubuntu.com/usn/USN-1616-1http://www.vupen.com/english/advisories/2010/1448http://www.vupen.com/english/advisories/2011/0122http://www.vupen.com/english/advisories/2011/0212https://bugzilla.redhat.com/show_bug.cgi?id=598197http://bugs.python.org/issue7673http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2010-June/042751.htmlhttp://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.htmlhttp://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.htmlhttp://secunia.com/advisories/40194http://secunia.com/advisories/42888http://secunia.com/advisories/43068http://secunia.com/advisories/50858http://secunia.com/advisories/51024http://secunia.com/advisories/51040http://secunia.com/advisories/51087http://support.apple.com/kb/HT5002http://www.redhat.com/support/errata/RHSA-2011-0027.htmlhttp://www.securityfocus.com/bid/40863http://www.ubuntu.com/usn/USN-1596-1http://www.ubuntu.com/usn/USN-1613-1http://www.ubuntu.com/usn/USN-1613-2http://www.ubuntu.com/usn/USN-1616-1http://www.vupen.com/english/advisories/2010/1448http://www.vupen.com/english/advisories/2011/0122http://www.vupen.com/english/advisories/2011/0212https://bugzilla.redhat.com/show_bug.cgi?id=598197
2010-05-27
Published