5
CVE-2010-3873
- EPSS 3.74%
- Veröffentlicht 03.01.2011 20:00:41
- Zuletzt bearbeitet 16.06.2026 23:23:43
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
The X.25 implementation in the Linux kernel before 2.6.36.2 does not properly parse facilities, which allows remote attackers to cause a denial of service (heap memory corruption and panic) or possibly have unspecified other impact via malformed (1) X25_FAC_CALLING_AE or (2) X25_FAC_CALLED_AE data, related to net/x25/x25_facilities.c and net/x25/x25_in.c, a different vulnerability than CVE-2010-4164.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version < 2.6.36.2
Suse ≫ Linux Enterprise Server Version9
Debian ≫ Debian Linux Version5.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.74% | 0.884 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
http://www.mandriva.com/security/advisories?name=MDVSA-2011:029
http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html
http://secunia.com/advisories/43291
http://www.debian.org/security/2010/dsa-2126
http://www.vupen.com/english/advisories/2011/0375
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36.2
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a6331d6f9a4298173b413cf99a40cc86a9d92c37
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html
http://openwall.com/lists/oss-security/2010/11/03/2
http://openwall.com/lists/oss-security/2010/11/04/3
http://www.spinics.net/lists/netdev/msg145786.html
http://www.spinics.net/lists/netdev/msg145873.html
https://bugzilla.redhat.com/show_bug.cgi?id=649693