Multiple integer overflows in audioop.c in the audioop module in Python 2.6, 2.7, 3.1, and 3.2 allow context-dependent attackers to cause a denial of service (application crash) via a large fragment. The integer overflow leads to a buffer overflow, as demonstrated by a call to audioop.lin2lin with a long string as the first argument. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-3143.5.
{ "cwe_ids": [] }
{ "vanir_signatures": [ { "signature_version": "v1", "source": "https://github.com/python/cpython/commit/7ceb497ae6f554274399bd9916ea5a21de443208", "deprecated": false, "signature_type": "Line", "target": { "file": "Modules/audioop.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "196221488950172925550644331932534438013", "189482937106790974487117451542323051760", "128124632389929399064464979486347852305", "80366452554841449162056830552976713835", "163456086712753299228322560937451675916", "143942870675118306613615219700349720885", "165100708944452796940240566622174075771", "198437367510675418763152917465280530535", "82097478808595579467027996374351835359", "126519212345464101720242550191032702066", "191414195554895176964115909934765792943", "265622334341368273968217381202241777350", "218724728069995030861719361922075818063", "333257063349459487225507178640778406123" ] }, "id": "PSF-2010-4-089048ea" }, { "signature_version": "v1", "source": "https://github.com/python/cpython/commit/ee289e6cd5c009e641ee970cfc67996d8f871221", "deprecated": false, "signature_type": "Line", "target": { "file": "Modules/audioop.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "196221488950172925550644331932534438013", "189482937106790974487117451542323051760", "128124632389929399064464979486347852305", "80366452554841449162056830552976713835", "163456086712753299228322560937451675916", "143942870675118306613615219700349720885", "165100708944452796940240566622174075771", "198437367510675418763152917465280530535", "82097478808595579467027996374351835359", "126519212345464101720242550191032702066", "302016707278406119724458255654937869047", "5714515429329146646602899079998014199", "259508037812439674924927019010023121808", "216385772479634061450847157053938661001" ] }, "id": "PSF-2010-4-135d87ef" }, { "signature_version": "v1", "source": "https://github.com/python/cpython/commit/7ceb497ae6f554274399bd9916ea5a21de443208", "deprecated": false, "signature_type": "Function", "target": 
{ "file": "Modules/audioop.c", "function": "audioop_ratecv" }, "digest": { "function_hash": "72787498096910933663130686643902866304", "length": 3676.0 }, "id": "PSF-2010-4-8201bb1b" }, { "signature_version": "v1", "source": "https://github.com/python/cpython/commit/ee289e6cd5c009e641ee970cfc67996d8f871221", "deprecated": false, "signature_type": "Function", "target": { "file": "Modules/audioop.c", "function": "audioop_ratecv" }, "digest": { "function_hash": "174948461962022499679745888077650851886", "length": 3650.0 }, "id": "PSF-2010-4-a12651c7" } ] }