Description

The audioop module in Python 2.7 and 3.2 does not verify the relationships between size arguments and byte string lengths, which allows context-dependent attackers to cause a denial of service (memory corruption and application crash) via crafted arguments, as demonstrated by a call to audioop.reverse with a one-byte string, a different vulnerability than CVE-2010-1634.

Remediation

References

CVE-2010-2089

Related Vulnerabilities

Restlet Framework XML Injection (aka Blind XPath Injection) Vulnerability (CVE-2013-4221)

WordPress Plugin Cryptocurrency Widgets Pack SQL Injection (1.8.1)

Jenkins Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2018-1000193)

WordPress Plugin Gettext override translations Cross-Site Scripting (1.0.1)

Atlassian Confluence Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-2928)

Severity

Medium

Classification

CVE-2010-2089 CWE-119

Tags

Missing Update Known Vulnerabilities