1.2
CVE-2010-3014
- EPSS 0.27%
- Veröffentlicht 20.08.2010 20:00:02
- Zuletzt bearbeitet 16.06.2026 23:21:58
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The Coda filesystem kernel module, as used in NetBSD and FreeBSD, when Coda is loaded and Venus is running with /coda mounted, allows local users to read sensitive heap memory via a large out_size value in a ViceIoctl struct to a Coda ioctl, which triggers a buffer over-read.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.27% | 0.18 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 1.2 | 1.9 | 2.9 |
AV:L/AC:H/Au:N/C:P/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/coda/coda.h.diff?r1=1.15&r2=1.16&only_with_tag=MAIN
http://svn.freebsd.org/viewvc/base?view=revision&revision=210997
http://www.securityfocus.com/archive/1/513151/100/0/threaded
http://www.vsecurity.com/resources/advisory/20100816-1/