CVE-2010-2089
published 2010-05-27

Priority: P4 30
Severity: medium, 5 (CVSS 2.0), AV:N/AC:L/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 14.64% (96.2th percentile)

The audioop module in Python 2.7 and 3.2 does not verify the relationships between size arguments and byte string lengths, which allows context-dependent attackers to cause a denial of service (memory corruption and application crash) via crafted arguments, as demonstrated by a call to audioop.reverse with a one-byte string, a different vulnerability than CVE-2010-1634.

Affected

4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | python2.7 | < python2.7 2.7-1 (bullseye) | python2.7 2.7-1 (bullseye) |
| python | python | >= 2.5.0 < 2.5.6 | 2.5.6 |
| python | python | >= 2.6.0 < 2.6.6 | 2.6.6 |
| python | python | >= 3.1.0 < 3.1.3 | 3.1.3 |

CVSS provenance

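| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | | 5.0 | MEDIUM | |
| vendor_ubuntu | | 6.9 | MEDIUM | |
| vendor_debian | | 5.0 | LOW | |
| vendor_redhat | | 5.0 | MEDIUM | |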