Lucene search

[email protected]CVE-2010-3032

HistoryAug 17, 2010 - 8:00 p.m.

CVE-2010-3032

2010-08-1720:00:04

CWE-189

[email protected]

web.nvd.nist.gov

cve-2010-3032

integer overflow

obgiopserverworker

extractheader

sap crystal reports 2008

denial of service

remote attackers

arbitrary code

giop packet

buffer overflow

8.3 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.117 Low

EPSS

Percentile

95.3%

JSON

Integer overflow in the OBGIOPServerWorker::extractHeader function in the ebus-3-3-2-6.dll module in SAP Crystal Reports 2008 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a GIOP packet with a crafted size, which triggers a heap-based buffer overflow.

Affected configurations

NVD

Node

sapcrystal_reportsMatch2008

CPENameOperatorVersion
sap:crystal_reportssap crystal reportseq2008

CPE	Name	Operator	Version
sap:crystal_reports	sap crystal reports	eq	2008

References

dvlabs.tippingpoint.com/advisory/TPTI-10-07

osvdb.org/67080

secunia.com/advisories/40960

www.securityfocus.com/archive/1/513023/100/0/threaded

www.securityfocus.com/archive/1/513024/100/0/threaded

www.securityfocus.com/archive/1/513103/100/0/threaded

www.securityfocus.com/bid/42374

www.securitytracker.com/id?1024334

www.vupen.com/english/advisories/2010/2074

exchange.xforce.ibmcloud.com/vulnerabilities/61065

service.sap.com/sap/support/notes/1473327

8.3 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.117 Low

EPSS

Percentile

95.3%

JSON

Related for CVE-2010-3032

cvelist1 nvd1 prion1