Lucene search

[email protected]CVE-2010-1349

HistoryApr 12, 2010 - 6:30 p.m.

CVE-2010-1349

2010-04-1218:30:00

CWE-189

[email protected]

web.nvd.nist.gov

cve-2010-1349

opera

integer overflow

remote code execution

content-length

heap overflow

nvd

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.8 High

AI Score

Confidence

High

0.923 High

EPSS

Percentile

99.0%

JSON

Integer overflow in Opera 10.10 through 10.50 allows remote attackers to execute arbitrary code via a large Content-Length value, which triggers a heap overflow.

Affected configurations

NVD

Node

operaopera_browserMatch10.10

operaopera_browserMatch10.50

operaopera_browserMatch10.50beta_1

operaopera_browserMatch10.50beta_2

AND

microsoftwindows

CPENameOperatorVersion
opera:opera_browseropera opera browsereq10.10
opera:opera_browseropera opera browsereq10.50

CPE	Name	Operator	Version
opera:opera_browser	opera opera browser	eq	10.10
opera:opera_browser	opera opera browser	eq	10.50

References

my.opera.com/securitygroup/blog/2010/03/09/the-malformed-content-length-header-security-issue

osvdb.org/62714

secunia.com/advisories/38820

www.exploit-db.com/exploits/11622

www.opera.com/support/kb/view/948/

www.securityfocus.com/bid/38519

www.securitytracker.com/id?1023690

www.vupen.com/english/advisories/2010/0529

exchange.xforce.ibmcloud.com/vulnerabilities/56673

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.8 High

AI Score

Confidence

High

0.923 High

EPSS

Percentile

99.0%

JSON

Related for CVE-2010-1349

openvas6 prion1 nvd1 checkpoint_advisories1 cvelist1 nessus2 gentoo1