REDHAT-BUG-598197
First published: Mon May 31 2010(Updated: )
Common Vulnerabilities and Exposures assigned an identifier <a href="https://access.redhat.com/security/cve/CVE-2010-2089">CVE-2010-2089</a> to the following vulnerability: The audioop module in Python 2.7 and 3.2 does not verify the relationships between size arguments and byte string lengths, which allows context-dependent attackers to cause a denial of service (memory corruption and application crash) via crafted arguments, as demonstrated by a call to audioop.reverse with a one-byte string, a different vulnerability than <a href="https://access.redhat.com/security/cve/CVE-2010-1634">CVE-2010-1634</a>. References: [1] <a href="http://bugs.python.org/issue7673">http://bugs.python.org/issue7673</a> Public PoC (from [1]): $ python -c "import audioop; audioop.reverse('X', 2)" Fatal Python error: Inconsistent interned string state. Abandon
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Python 2.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://access.redhat.com/security/cve/CVE-2010-2089
- https://access.redhat.com/security/cve/CVE-2010-1634
- http://bugs.python.org/issue7673
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=418359&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=418359&action=edit
- http://admin.fedoraproject.org/updates/python-2.6.2-8.fc12
- http://admin.fedoraproject.org/updates/python-2.6.4-27.fc13
- http://admin.fedoraproject.org/updates/python-2.6-14.fc11
- http://admin.fedoraproject.org/updates/python3-3.1.2-6.fc13
- http://admin.fedoraproject.org/updates/python26-2.6.5-5.el5
- https://rhn.redhat.com/errata/RHSA-2011-0027.html
- https://rhn.redhat.com/errata/RHSA-2011-0491.html
- https://bugzilla.redhat.com/show_bug.cgi?id=598197
Frequently Asked Questions
What is the severity of REDHAT-BUG-598197?
REDHAT-BUG-598197 is classified as a moderate severity vulnerability.
How do I fix REDHAT-BUG-598197?
To fix REDHAT-BUG-598197, update your Python installation to a version that addresses the vulnerability.
What versions of Python are affected by REDHAT-BUG-598197?
REDHAT-BUG-598197 affects Python versions 2.7 and 3.2.
What type of vulnerability is REDHAT-BUG-598197?
REDHAT-BUG-598197 is a vulnerability in the audioop module related to improper verification of size arguments.
Can REDHAT-BUG-598197 lead to security risks?
Yes, exploitation of REDHAT-BUG-598197 can lead to potential denial of service and arbitrary code execution.
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2010-2089
- agent/source
- agent/severity
- agent/references
- agent/description
- agent/event
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/python
- canonical/python 2.7