CVE-2010-1634 — MEDIUM (5.0)

Q: How severe is CVE-2010-1634?

CVE-2010-1634 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2010-1634?

Check the references section above for vendor advisories and patch information. Affected products include: Python Python, Fedoraproject Fedora, Opensuse Opensuse, Suse Linux Enterprise Server, Canonical Ubuntu Linux.

Vulnerability Description

Multiple integer overflows in audioop.c in the audioop module in Python 2.6, 2.7, 3.1, and 3.2 allow context-dependent attackers to cause a denial of service (application crash) via a large fragment, as demonstrated by a call to audioop.lin2lin with a long string in the first argument, leading to a buffer overflow. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-3143.5.

CVSS Score

5.0

MEDIUM

AV:N/AC:L/Au:N/C:N/I:N/A:P

Confidentiality

NONE

Integrity

NONE

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Python	Python	>= 2.5.0, < 2.5.6
Fedoraproject	Fedora	13
Opensuse	Opensuse	11.2
Suse	Linux Enterprise Server	10
Canonical	Ubuntu Linux	8.04

Related Weaknesses (CWE)

CWE-190

References

http://bugs.python.org/issue8674Issue TrackingPatchVendor Advisory
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.htmlBroken LinkIssue TrackingThird Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042751.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.htmlMailing ListThird Party Advisory
http://secunia.com/advisories/39937Not Applicable
http://secunia.com/advisories/40194Not Applicable
http://secunia.com/advisories/42888Not Applicable
http://secunia.com/advisories/43068Not Applicable
http://secunia.com/advisories/50858Not Applicable
http://secunia.com/advisories/51024Not Applicable
http://secunia.com/advisories/51040Not Applicable
http://secunia.com/advisories/51087Not Applicable
http://support.apple.com/kb/HT5002Third Party Advisory
http://svn.python.org/view?rev=81045&view=revPatchPermissions RequiredVendor Advisory

FAQ

What is CVE-2010-1634?

CVE-2010-1634 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Multiple integer overflows in audioop.c in the audioop module in Python 2.6, 2.7, 3.1, and 3.2 allow context-dependent attackers to cause a denial of service (application crash) via a large fragment, ...

How severe is CVE-2010-1634?

CVE-2010-1634 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2010-1634?

Check the references section above for vendor advisories and patch information. Affected products include: Python Python, Fedoraproject Fedora, Opensuse Opensuse, Suse Linux Enterprise Server, Canonical Ubuntu Linux.