CVE-2010-2089
EPSS 10.0%
Description
The audioop module in Python 2.7 and 3.2 does not verify the relationships between size arguments and byte string lengths, which allows context-dependent attackers to cause a denial of service (memory corruption and application crash) via crafted arguments, as demonstrated by a call to audioop.reverse with a one-byte string, a different vulnerability than CVE-2010-1634.
How to fix CVE-2010-2089
To remediate CVE-2010-2089, upgrade the affected package to the fixed version listed below.
- Debian/python2.7: upgrade to 2.7-1 or later
Is CVE-2010-2089 being exploited?
Moderate: EPSS is 10.0%. Track this CVE, but it is not at the top of the prioritisation list.
Affected packages (1)
- Debian/python2.7: from 0, < 2.7-1