Lucene search

[email protected]CVE-2007-2640

HistoryMay 13, 2007 - 11:19 p.m.

CVE-2007-2640

2007-05-1323:19:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2007-2640

libtmcg

range check

vulnerability

security issue

6.7 Medium

AI Score

Confidence

Low

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

0.005 Low

EPSS

Percentile

74.8%

JSON

LibTMCG before 1.1.1 does not perform a range check to avoid “trivial group generators,” which allows attackers to obtain sensitive information about private cards.

CPENameOperatorVersion
heiko_stamer:libtmcgheiko stamer libtmcgeq1.0
heiko_stamer:libtmcgheiko stamer libtmcgeq1.1
heiko_stamer:libtmcgheiko stamer libtmcgeq1.0.1

CPE	Name	Operator	Version
heiko_stamer:libtmcg	heiko stamer libtmcg	eq	1.0
heiko_stamer:libtmcg	heiko stamer libtmcg	eq	1.1
heiko_stamer:libtmcg	heiko stamer libtmcg	eq	1.0.1

References

osvdb.org/34772

savannah.nongnu.org/forum/forum.php?forum_id=4847

secunia.com/advisories/25317

www.securityfocus.com/bid/23930

www.vupen.com/english/advisories/2007/1760

exchange.xforce.ibmcloud.com/vulnerabilities/34235

6.7 Medium

AI Score

Confidence

Low

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

0.005 Low

EPSS

Percentile

74.8%

JSON

Related for CVE-2007-2640

prion1