7.5

CVE-2010-2725

BarnOwl before 1.6.2 does not check the return code of calls to the (1) ZPending and (2) ZReceiveNotice functions in libzephyr, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
BarnowlBarnowl Version <= 1.6.1
BarnowlBarnowl Version1.0.0
BarnowlBarnowl Version1.0.1
BarnowlBarnowl Version1.0.2
BarnowlBarnowl Version1.0.2.1
BarnowlBarnowl Version1.0.3
BarnowlBarnowl Version1.0.4
BarnowlBarnowl Version1.0.4.1
BarnowlBarnowl Version1.0.5
BarnowlBarnowl Version1.1
BarnowlBarnowl Version1.1.1
BarnowlBarnowl Version1.2
BarnowlBarnowl Version1.2.1
BarnowlBarnowl Version1.3
BarnowlBarnowl Version1.4
BarnowlBarnowl Version1.4 Updaterc1
BarnowlBarnowl Version1.5
BarnowlBarnowl Version1.5 Updaterc1
BarnowlBarnowl Version1.5 Updaterc2
BarnowlBarnowl Version1.5.1
BarnowlBarnowl Version1.6
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.5% 0.793
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.