Lucene search

[email protected]CVE-2010-4666

HistoryApr 13, 2012 - 8:55 p.m.

CVE-2010-4666

2012-04-1320:55:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2010-4666

buffer overflow

libarchive

denial of service

application crash

remote attackers

unspecified impact

cab file

huffman code

lzx compressed data

nvd

7.7 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

79.4%

JSON

Buffer overflow in libarchive 3.0 pre-release code allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CAB file, which is not properly handled during the reading of Huffman code data within LZX compressed data.

CPENameOperatorVersion
freebsd:libarchivefreebsd libarchiveeq3.0

CPE	Name	Operator	Version
freebsd:libarchive	freebsd libarchive	eq	3.0

References

code.google.com/p/libarchive/source/detail?r=2842

bugzilla.redhat.com/show_bug.cgi?id=705849

7.7 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

79.4%

JSON

Related for CVE-2010-4666

ubuntucve1 prion1 cvelist1 debiancve1 nessus2 openvas3 gentoo1