cvelistv5 - cve-2010-2891

CVE-2010-2891 (GCVE-0-2010-2891)

Vulnerability from cvelistv5 – Published: 2010-10-27 22:00 – Updated: 2024-08-07 02:46

Summary

Buffer overflow in the smiGetNode function in lib/smi.c in libsmi 0.4.8 allows context-dependent attackers to execute arbitrary code via an Object Identifier (aka OID) represented as a numerical string containing many components separated by . (dot) characters.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://secunia.com/advisories/43068	third-party-advisoryx_refsource_SECUNIA
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://www.vupen.com/english/advisories/2011/0212	vdb-entryx_refsource_VUPEN
	http://secunia.com/advisories/41841	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/42902	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/bid/44276	vdb-entryx_refsource_BID
	http://www.debian.org/security/2011/dsa-2145	vendor-advisoryx_refsource_DEBIAN
	http://www.vupen.com/english/advisories/2011/0111	vdb-entryx_refsource_VUPEN
	http://secunia.com/advisories/42877	third-party-advisoryx_refsource_SECUNIA
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://www.securityfocus.com/archive/1/514382/100…	mailing-listx_refsource_BUGTRAQ
	http://www.vupen.com/english/advisories/2011/0076	vdb-entryx_refsource_VUPEN
	http://www.coresecurity.com/content/libsmi-smiget…	x_refsource_MISC
	http://security-tracker.debian.org/tracker/CVE-20…	x_refsource_CONFIRM
	http://www.exploit-db.com/exploits/15293	exploitx_refsource_EXPLOIT-DB
	http://www.vupen.com/english/advisories/2010/2764	vdb-entryx_refsource_VUPEN
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T02:46:48.572Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SUSE-SR:2011:001",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html"
          },
          {
            "name": "43068",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43068"
          },
          {
            "name": "MDVSA-2010:209",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:209"
          },
          {
            "name": "ADV-2011-0212",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0212"
          },
          {
            "name": "41841",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/41841"
          },
          {
            "name": "42902",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42902"
          },
          {
            "name": "44276",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/44276"
          },
          {
            "name": "DSA-2145",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2011/dsa-2145"
          },
          {
            "name": "ADV-2011-0111",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0111"
          },
          {
            "name": "42877",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42877"
          },
          {
            "name": "SUSE-SR:2011:002",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
          },
          {
            "name": "20101020 [CORE-2010-0819] LibSMI smiGetNode Buffer Overflow When Long OID Is Given In Numerical Form",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/514382/100/0/threaded"
          },
          {
            "name": "ADV-2011-0076",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0076"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.coresecurity.com/content/libsmi-smigetnode-buffer-overflow"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://security-tracker.debian.org/tracker/CVE-2010-2891"
          },
          {
            "name": "15293",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/15293"
          },
          {
            "name": "ADV-2010-2764",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/2764"
          },
          {
            "name": "libsmi-smigetnode-bo(62686)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62686"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-10-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in the smiGetNode function in lib/smi.c in libsmi 0.4.8 allows context-dependent attackers to execute arbitrary code via an Object Identifier (aka OID) represented as a numerical string containing many components separated by . (dot) characters."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "SUSE-SR:2011:001",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html"
        },
        {
          "name": "43068",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43068"
        },
        {
          "name": "MDVSA-2010:209",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:209"
        },
        {
          "name": "ADV-2011-0212",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0212"
        },
        {
          "name": "41841",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/41841"
        },
        {
          "name": "42902",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42902"
        },
        {
          "name": "44276",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/44276"
        },
        {
          "name": "DSA-2145",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2011/dsa-2145"
        },
        {
          "name": "ADV-2011-0111",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0111"
        },
        {
          "name": "42877",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42877"
        },
        {
          "name": "SUSE-SR:2011:002",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
        },
        {
          "name": "20101020 [CORE-2010-0819] LibSMI smiGetNode Buffer Overflow When Long OID Is Given In Numerical Form",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/514382/100/0/threaded"
        },
        {
          "name": "ADV-2011-0076",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0076"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.coresecurity.com/content/libsmi-smigetnode-buffer-overflow"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://security-tracker.debian.org/tracker/CVE-2010-2891"
        },
        {
          "name": "15293",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/15293"
        },
        {
          "name": "ADV-2010-2764",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/2764"
        },
        {
          "name": "libsmi-smigetnode-bo(62686)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62686"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-2891",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in the smiGetNode function in lib/smi.c in libsmi 0.4.8 allows context-dependent attackers to execute arbitrary code via an Object Identifier (aka OID) represented as a numerical string containing many components separated by . (dot) characters."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "SUSE-SR:2011:001",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html"
            },
            {
              "name": "43068",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/43068"
            },
            {
              "name": "MDVSA-2010:209",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:209"
            },
            {
              "name": "ADV-2011-0212",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0212"
            },
            {
              "name": "41841",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/41841"
            },
            {
              "name": "42902",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/42902"
            },
            {
              "name": "44276",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/44276"
            },
            {
              "name": "DSA-2145",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2011/dsa-2145"
            },
            {
              "name": "ADV-2011-0111",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0111"
            },
            {
              "name": "42877",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/42877"
            },
            {
              "name": "SUSE-SR:2011:002",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
            },
            {
              "name": "20101020 [CORE-2010-0819] LibSMI smiGetNode Buffer Overflow When Long OID Is Given In Numerical Form",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/514382/100/0/threaded"
            },
            {
              "name": "ADV-2011-0076",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0076"
            },
            {
              "name": "http://www.coresecurity.com/content/libsmi-smigetnode-buffer-overflow",
              "refsource": "MISC",
              "url": "http://www.coresecurity.com/content/libsmi-smigetnode-buffer-overflow"
            },
            {
              "name": "http://security-tracker.debian.org/tracker/CVE-2010-2891",
              "refsource": "CONFIRM",
              "url": "http://security-tracker.debian.org/tracker/CVE-2010-2891"
            },
            {
              "name": "15293",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/15293"
            },
            {
              "name": "ADV-2010-2764",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/2764"
            },
            {
              "name": "libsmi-smigetnode-bo(62686)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62686"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-2891",
    "datePublished": "2010-10-27T22:00:00",
    "dateReserved": "2010-07-27T00:00:00",
    "dateUpdated": "2024-08-07T02:46:48.572Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:tu-braunschweig:libsmi:0.4.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3EB590CF-B1A6-4F09-AAC7-27101BEE90E5\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Buffer overflow in the smiGetNode function in lib/smi.c in libsmi 0.4.8 allows context-dependent attackers to execute arbitrary code via an Object Identifier (aka OID) represented as a numerical string containing many components separated by . (dot) characters.\"}, {\"lang\": \"es\", \"value\": \"Desbordamiento de b\\u00fafer en la funci\\u00f3n smiGetNode en lib/smi.c en libsmi v0.4.8 permite a atacantes dependientes de contexto ejecutar c\\u00f3digo arbitrario a trav\\u00e9s de un identificador de objeto (tambi\\u00e9n conocido como OID), representado como una cadena num\\u00e9rica que contiene muchos componentes separados por caracteres . (punto).\"}]",
      "id": "CVE-2010-2891",
      "lastModified": "2024-11-21T01:17:34.667",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2010-10-28T00:00:02.313",
      "references": "[{\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/41841\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/42877\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/42902\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/43068\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://security-tracker.debian.org/tracker/CVE-2010-2891\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.coresecurity.com/content/libsmi-smigetnode-buffer-overflow\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Patch\"]}, {\"url\": \"http://www.debian.org/security/2011/dsa-2145\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.exploit-db.com/exploits/15293\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Patch\"]}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2010:209\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/514382/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/44276\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Patch\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2010/2764\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2011/0076\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2011/0111\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2011/0212\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/62686\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/41841\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/42877\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/42902\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/43068\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://security-tracker.debian.org/tracker/CVE-2010-2891\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.coresecurity.com/content/libsmi-smigetnode-buffer-overflow\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Patch\"]}, {\"url\": \"http://www.debian.org/security/2011/dsa-2145\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.exploit-db.com/exploits/15293\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Patch\"]}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2010:209\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/514382/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/44276\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Patch\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2010/2764\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2011/0076\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2011/0111\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2011/0212\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/62686\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2010-2891\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2010-10-28T00:00:02.313\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Buffer overflow in the smiGetNode function in lib/smi.c in libsmi 0.4.8 allows context-dependent attackers to execute arbitrary code via an Object Identifier (aka OID) represented as a numerical string containing many components separated by . (dot) characters.\"},{\"lang\":\"es\",\"value\":\"Desbordamiento de b\u00fafer en la funci\u00f3n smiGetNode en lib/smi.c en libsmi v0.4.8 permite a atacantes dependientes de contexto ejecutar c\u00f3digo arbitrario a trav\u00e9s de un identificador de objeto (tambi\u00e9n conocido como OID), representado como una cadena num\u00e9rica que contiene muchos componentes separados por caracteres . (punto).\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tu-braunschweig:libsmi:0.4.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3EB590CF-B1A6-4F09-AAC7-27101BEE90E5\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/41841\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/42877\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/42902\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/43068\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://security-tracker.debian.org/tracker/CVE-2010-2891\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.coresecurity.com/content/libsmi-smigetnode-buffer-overflow\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Patch\"]},{\"url\":\"http://www.debian.org/security/2011/dsa-2145\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.exploit-db.com/exploits/15293\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Patch\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2010:209\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/514382/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/44276\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Patch\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/2764\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2011/0076\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2011/0111\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2011/0212\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/62686\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/41841\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/42877\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/42902\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/43068\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://security-tracker.debian.org/tracker/CVE-2010-2891\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.coresecurity.com/content/libsmi-smigetnode-buffer-overflow\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\"]},{\"url\":\"http://www.debian.org/security/2011/dsa-2145\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.exploit-db.com/exploits/15293\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2010:209\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/514382/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/44276\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/2764\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2011/0076\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2011/0111\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2011/0212\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/62686\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GSD-2010-2891

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2010-2891

Aliases

CVE-2010-2891

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2010-2891",
    "description": "Buffer overflow in the smiGetNode function in lib/smi.c in libsmi 0.4.8 allows context-dependent attackers to execute arbitrary code via an Object Identifier (aka OID) represented as a numerical string containing many components separated by . (dot) characters.",
    "id": "GSD-2010-2891",
    "references": [
      "https://www.suse.com/security/cve/CVE-2010-2891.html",
      "https://www.debian.org/security/2011/dsa-2145"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2010-2891"
      ],
      "details": "Buffer overflow in the smiGetNode function in lib/smi.c in libsmi 0.4.8 allows context-dependent attackers to execute arbitrary code via an Object Identifier (aka OID) represented as a numerical string containing many components separated by . (dot) characters.",
      "id": "GSD-2010-2891",
      "modified": "2023-12-13T01:21:31.377973Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2010-2891",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Buffer overflow in the smiGetNode function in lib/smi.c in libsmi 0.4.8 allows context-dependent attackers to execute arbitrary code via an Object Identifier (aka OID) represented as a numerical string containing many components separated by . (dot) characters."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "SUSE-SR:2011:001",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html"
          },
          {
            "name": "43068",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/43068"
          },
          {
            "name": "MDVSA-2010:209",
            "refsource": "MANDRIVA",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:209"
          },
          {
            "name": "ADV-2011-0212",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2011/0212"
          },
          {
            "name": "41841",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/41841"
          },
          {
            "name": "42902",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/42902"
          },
          {
            "name": "44276",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/44276"
          },
          {
            "name": "DSA-2145",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2011/dsa-2145"
          },
          {
            "name": "ADV-2011-0111",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2011/0111"
          },
          {
            "name": "42877",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/42877"
          },
          {
            "name": "SUSE-SR:2011:002",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
          },
          {
            "name": "20101020 [CORE-2010-0819] LibSMI smiGetNode Buffer Overflow When Long OID Is Given In Numerical Form",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/514382/100/0/threaded"
          },
          {
            "name": "ADV-2011-0076",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2011/0076"
          },
          {
            "name": "http://www.coresecurity.com/content/libsmi-smigetnode-buffer-overflow",
            "refsource": "MISC",
            "url": "http://www.coresecurity.com/content/libsmi-smigetnode-buffer-overflow"
          },
          {
            "name": "http://security-tracker.debian.org/tracker/CVE-2010-2891",
            "refsource": "CONFIRM",
            "url": "http://security-tracker.debian.org/tracker/CVE-2010-2891"
          },
          {
            "name": "15293",
            "refsource": "EXPLOIT-DB",
            "url": "http://www.exploit-db.com/exploits/15293"
          },
          {
            "name": "ADV-2010-2764",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2010/2764"
          },
          {
            "name": "libsmi-smigetnode-bo(62686)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62686"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:tu-braunschweig:libsmi:0.4.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-2891"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Buffer overflow in the smiGetNode function in lib/smi.c in libsmi 0.4.8 allows context-dependent attackers to execute arbitrary code via an Object Identifier (aka OID) represented as a numerical string containing many components separated by . (dot) characters."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "15293",
              "refsource": "EXPLOIT-DB",
              "tags": [
                "Exploit",
                "Patch"
              ],
              "url": "http://www.exploit-db.com/exploits/15293"
            },
            {
              "name": "http://www.coresecurity.com/content/libsmi-smigetnode-buffer-overflow",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Patch"
              ],
              "url": "http://www.coresecurity.com/content/libsmi-smigetnode-buffer-overflow"
            },
            {
              "name": "44276",
              "refsource": "BID",
              "tags": [
                "Exploit",
                "Patch"
              ],
              "url": "http://www.securityfocus.com/bid/44276"
            },
            {
              "name": "41841",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/41841"
            },
            {
              "name": "ADV-2010-2764",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/2764"
            },
            {
              "name": "MDVSA-2010:209",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:209"
            },
            {
              "name": "http://security-tracker.debian.org/tracker/CVE-2010-2891",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://security-tracker.debian.org/tracker/CVE-2010-2891"
            },
            {
              "name": "SUSE-SR:2011:001",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html"
            },
            {
              "name": "ADV-2011-0076",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2011/0076"
            },
            {
              "name": "42877",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/42877"
            },
            {
              "name": "ADV-2011-0111",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2011/0111"
            },
            {
              "name": "42902",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/42902"
            },
            {
              "name": "DSA-2145",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2011/dsa-2145"
            },
            {
              "name": "43068",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/43068"
            },
            {
              "name": "SUSE-SR:2011:002",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
            },
            {
              "name": "ADV-2011-0212",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2011/0212"
            },
            {
              "name": "libsmi-smigetnode-bo(62686)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62686"
            },
            {
              "name": "20101020 [CORE-2010-0819] LibSMI smiGetNode Buffer Overflow When Long OID Is Given In Numerical Form",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/514382/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-10T20:00Z",
      "publishedDate": "2010-10-28T00:00Z"
    }
  }
}

MSRC_CVE-2010-2891

Vulnerability from csaf_microsoft - Published: 2010-10-02 00:00 - Updated: 2024-06-30 07:00

Summary

Notes

Additional Resources

To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle

Disclaimer

The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

JSON

To clipboard

{
  "document": {
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2010-2891 Buffer overflow in the smiGetNode function in lib/smi.c in libsmi 0.4.8 allows context-dependent attackers to execute arbitrary code via an Object Identifier (aka OID) represented as a numerical string containing many components separated by . (dot) characters. - VEX",
        "url": "https://msrc.microsoft.com/csaf/vex/2010/msrc_cve-2010-2891.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "Buffer overflow in the smiGetNode function in lib/smi.c in libsmi 0.4.8 allows context-dependent attackers to execute arbitrary code via an Object Identifier (aka OID) represented as a numerical string containing many components separated by . (dot) characters.",
    "tracking": {
      "current_release_date": "2024-06-30T07:00:00.000Z",
      "generator": {
        "date": "2025-10-19T16:43:57.499Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2010-2891",
      "initial_release_date": "2010-10-02T00:00:00.000Z",
      "revision_history": [
        {
          "date": "2021-12-16T00:00:00.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        },
        {
          "date": "2024-06-30T07:00:00.000Z",
          "legacy_version": "1.1",
          "number": "2",
          "summary": "Information published."
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "2.0",
                "product": {
                  "name": "CBL Mariner 2.0",
                  "product_id": "17086"
                }
              },
              {
                "category": "product_version",
                "name": "3.0",
                "product": {
                  "name": "Azure Linux 3.0",
                  "product_id": "17084"
                }
              }
            ],
            "category": "product_name",
            "name": "Azure Linux"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003ccbl2 libsmi 0.4.8-27",
                "product": {
                  "name": "\u003ccbl2 libsmi 0.4.8-27",
                  "product_id": "3"
                }
              },
              {
                "category": "product_version",
                "name": "cbl2 libsmi 0.4.8-27",
                "product": {
                  "name": "cbl2 libsmi 0.4.8-27",
                  "product_id": "19229"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003cazl3 libsmi 0.4.8-28",
                "product": {
                  "name": "\u003cazl3 libsmi 0.4.8-28",
                  "product_id": "2"
                }
              },
              {
                "category": "product_version",
                "name": "azl3 libsmi 0.4.8-28",
                "product": {
                  "name": "azl3 libsmi 0.4.8-28",
                  "product_id": "19230"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003cazl3 libsmi 0.4.8-29",
                "product": {
                  "name": "\u003cazl3 libsmi 0.4.8-29",
                  "product_id": "1"
                }
              },
              {
                "category": "product_version",
                "name": "azl3 libsmi 0.4.8-29",
                "product": {
                  "name": "azl3 libsmi 0.4.8-29",
                  "product_id": "20060"
                }
              }
            ],
            "category": "product_name",
            "name": "libsmi"
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003ccbl2 libsmi 0.4.8-27 as a component of CBL Mariner 2.0",
          "product_id": "17086-3"
        },
        "product_reference": "3",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cbl2 libsmi 0.4.8-27 as a component of CBL Mariner 2.0",
          "product_id": "19229-17086"
        },
        "product_reference": "19229",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003cazl3 libsmi 0.4.8-28 as a component of Azure Linux 3.0",
          "product_id": "17084-2"
        },
        "product_reference": "2",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 libsmi 0.4.8-28 as a component of Azure Linux 3.0",
          "product_id": "19230-17084"
        },
        "product_reference": "19230",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003cazl3 libsmi 0.4.8-29 as a component of Azure Linux 3.0",
          "product_id": "17084-1"
        },
        "product_reference": "1",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 libsmi 0.4.8-29 as a component of Azure Linux 3.0",
          "product_id": "20060-17084"
        },
        "product_reference": "20060",
        "relates_to_product_reference": "17084"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2010-2891",
      "notes": [
        {
          "category": "general",
          "text": "mitre",
          "title": "Assigning CNA"
        }
      ],
      "product_status": {
        "fixed": [
          "19229-17086",
          "19230-17084",
          "20060-17084"
        ],
        "known_affected": [
          "17086-3",
          "17084-2",
          "17084-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2010-2891 Buffer overflow in the smiGetNode function in lib/smi.c in libsmi 0.4.8 allows context-dependent attackers to execute arbitrary code via an Object Identifier (aka OID) represented as a numerical string containing many components separated by . (dot) characters. - VEX",
          "url": "https://msrc.microsoft.com/csaf/vex/2010/msrc_cve-2010-2891.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-16T00:00:00.000Z",
          "details": "0.4.8-27:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
          "product_ids": [
            "17086-3"
          ],
          "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
        },
        {
          "category": "vendor_fix",
          "date": "2021-12-16T00:00:00.000Z",
          "details": "0.4.8-28:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
          "product_ids": [
            "17084-2",
            "17084-1"
          ],
          "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
        }
      ],
      "title": "Buffer overflow in the smiGetNode function in lib/smi.c in libsmi 0.4.8 allows context-dependent attackers to execute arbitrary code via an Object Identifier (aka OID) represented as a numerical string containing many components separated by . (dot) characters."
    }
  ]
}

GHSA-GWQP-8WJJ-P3GJ

Vulnerability from github – Published: 2022-05-14 02:43 – Updated: 2022-05-14 02:43

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2010-2891"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2010-10-28T00:00:00Z",
    "severity": "HIGH"
  },
  "details": "Buffer overflow in the smiGetNode function in lib/smi.c in libsmi 0.4.8 allows context-dependent attackers to execute arbitrary code via an Object Identifier (aka OID) represented as a numerical string containing many components separated by . (dot) characters.",
  "id": "GHSA-gwqp-8wjj-p3gj",
  "modified": "2022-05-14T02:43:43Z",
  "published": "2022-05-14T02:43:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2891"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62686"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/41841"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/42877"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/42902"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/43068"
    },
    {
      "type": "WEB",
      "url": "http://security-tracker.debian.org/tracker/CVE-2010-2891"
    },
    {
      "type": "WEB",
      "url": "http://www.coresecurity.com/content/libsmi-smigetnode-buffer-overflow"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2011/dsa-2145"
    },
    {
      "type": "WEB",
      "url": "http://www.exploit-db.com/exploits/15293"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:209"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/514382/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/44276"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/2764"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2011/0076"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2011/0111"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2011/0212"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

OPENSUSE-SU-2024:10266-1

Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00

Summary

libsmi-0.4.8-24.8 on GA media

Notes

Title of the patch

libsmi-0.4.8-24.8 on GA media

Description of the patch

These are all security issues fixed in the libsmi-0.4.8-24.8 package on the GA media of openSUSE Tumbleweed.

Patchnames

openSUSE-Tumbleweed-2024-10266

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "libsmi-0.4.8-24.8 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the libsmi-0.4.8-24.8 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2024-10266",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10266-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2010-2891 page",
        "url": "https://www.suse.com/security/cve/CVE-2010-2891/"
      }
    ],
    "title": "libsmi-0.4.8-24.8 on GA media",
    "tracking": {
      "current_release_date": "2024-06-15T00:00:00Z",
      "generator": {
        "date": "2024-06-15T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:10266-1",
      "initial_release_date": "2024-06-15T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-06-15T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libsmi-0.4.8-24.8.aarch64",
                "product": {
                  "name": "libsmi-0.4.8-24.8.aarch64",
                  "product_id": "libsmi-0.4.8-24.8.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libsmi-devel-0.4.8-24.8.aarch64",
                "product": {
                  "name": "libsmi-devel-0.4.8-24.8.aarch64",
                  "product_id": "libsmi-devel-0.4.8-24.8.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libsmi2-0.4.8-24.8.aarch64",
                "product": {
                  "name": "libsmi2-0.4.8-24.8.aarch64",
                  "product_id": "libsmi2-0.4.8-24.8.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libsmi-0.4.8-24.8.ppc64le",
                "product": {
                  "name": "libsmi-0.4.8-24.8.ppc64le",
                  "product_id": "libsmi-0.4.8-24.8.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libsmi-devel-0.4.8-24.8.ppc64le",
                "product": {
                  "name": "libsmi-devel-0.4.8-24.8.ppc64le",
                  "product_id": "libsmi-devel-0.4.8-24.8.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libsmi2-0.4.8-24.8.ppc64le",
                "product": {
                  "name": "libsmi2-0.4.8-24.8.ppc64le",
                  "product_id": "libsmi2-0.4.8-24.8.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libsmi-0.4.8-24.8.s390x",
                "product": {
                  "name": "libsmi-0.4.8-24.8.s390x",
                  "product_id": "libsmi-0.4.8-24.8.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libsmi-devel-0.4.8-24.8.s390x",
                "product": {
                  "name": "libsmi-devel-0.4.8-24.8.s390x",
                  "product_id": "libsmi-devel-0.4.8-24.8.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libsmi2-0.4.8-24.8.s390x",
                "product": {
                  "name": "libsmi2-0.4.8-24.8.s390x",
                  "product_id": "libsmi2-0.4.8-24.8.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libsmi-0.4.8-24.8.x86_64",
                "product": {
                  "name": "libsmi-0.4.8-24.8.x86_64",
                  "product_id": "libsmi-0.4.8-24.8.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libsmi-devel-0.4.8-24.8.x86_64",
                "product": {
                  "name": "libsmi-devel-0.4.8-24.8.x86_64",
                  "product_id": "libsmi-devel-0.4.8-24.8.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libsmi2-0.4.8-24.8.x86_64",
                "product": {
                  "name": "libsmi2-0.4.8-24.8.x86_64",
                  "product_id": "libsmi2-0.4.8-24.8.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libsmi-0.4.8-24.8.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libsmi-0.4.8-24.8.aarch64"
        },
        "product_reference": "libsmi-0.4.8-24.8.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libsmi-0.4.8-24.8.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libsmi-0.4.8-24.8.ppc64le"
        },
        "product_reference": "libsmi-0.4.8-24.8.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libsmi-0.4.8-24.8.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libsmi-0.4.8-24.8.s390x"
        },
        "product_reference": "libsmi-0.4.8-24.8.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libsmi-0.4.8-24.8.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libsmi-0.4.8-24.8.x86_64"
        },
        "product_reference": "libsmi-0.4.8-24.8.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libsmi-devel-0.4.8-24.8.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libsmi-devel-0.4.8-24.8.aarch64"
        },
        "product_reference": "libsmi-devel-0.4.8-24.8.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libsmi-devel-0.4.8-24.8.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libsmi-devel-0.4.8-24.8.ppc64le"
        },
        "product_reference": "libsmi-devel-0.4.8-24.8.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libsmi-devel-0.4.8-24.8.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libsmi-devel-0.4.8-24.8.s390x"
        },
        "product_reference": "libsmi-devel-0.4.8-24.8.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libsmi-devel-0.4.8-24.8.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libsmi-devel-0.4.8-24.8.x86_64"
        },
        "product_reference": "libsmi-devel-0.4.8-24.8.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libsmi2-0.4.8-24.8.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libsmi2-0.4.8-24.8.aarch64"
        },
        "product_reference": "libsmi2-0.4.8-24.8.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libsmi2-0.4.8-24.8.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libsmi2-0.4.8-24.8.ppc64le"
        },
        "product_reference": "libsmi2-0.4.8-24.8.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libsmi2-0.4.8-24.8.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libsmi2-0.4.8-24.8.s390x"
        },
        "product_reference": "libsmi2-0.4.8-24.8.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libsmi2-0.4.8-24.8.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libsmi2-0.4.8-24.8.x86_64"
        },
        "product_reference": "libsmi2-0.4.8-24.8.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2010-2891",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2010-2891"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Buffer overflow in the smiGetNode function in lib/smi.c in libsmi 0.4.8 allows context-dependent attackers to execute arbitrary code via an Object Identifier (aka OID) represented as a numerical string containing many components separated by . (dot) characters.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libsmi-0.4.8-24.8.aarch64",
          "openSUSE Tumbleweed:libsmi-0.4.8-24.8.ppc64le",
          "openSUSE Tumbleweed:libsmi-0.4.8-24.8.s390x",
          "openSUSE Tumbleweed:libsmi-0.4.8-24.8.x86_64",
          "openSUSE Tumbleweed:libsmi-devel-0.4.8-24.8.aarch64",
          "openSUSE Tumbleweed:libsmi-devel-0.4.8-24.8.ppc64le",
          "openSUSE Tumbleweed:libsmi-devel-0.4.8-24.8.s390x",
          "openSUSE Tumbleweed:libsmi-devel-0.4.8-24.8.x86_64",
          "openSUSE Tumbleweed:libsmi2-0.4.8-24.8.aarch64",
          "openSUSE Tumbleweed:libsmi2-0.4.8-24.8.ppc64le",
          "openSUSE Tumbleweed:libsmi2-0.4.8-24.8.s390x",
          "openSUSE Tumbleweed:libsmi2-0.4.8-24.8.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2010-2891",
          "url": "https://www.suse.com/security/cve/CVE-2010-2891"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 649867 for CVE-2010-2891",
          "url": "https://bugzilla.suse.com/649867"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libsmi-0.4.8-24.8.aarch64",
            "openSUSE Tumbleweed:libsmi-0.4.8-24.8.ppc64le",
            "openSUSE Tumbleweed:libsmi-0.4.8-24.8.s390x",
            "openSUSE Tumbleweed:libsmi-0.4.8-24.8.x86_64",
            "openSUSE Tumbleweed:libsmi-devel-0.4.8-24.8.aarch64",
            "openSUSE Tumbleweed:libsmi-devel-0.4.8-24.8.ppc64le",
            "openSUSE Tumbleweed:libsmi-devel-0.4.8-24.8.s390x",
            "openSUSE Tumbleweed:libsmi-devel-0.4.8-24.8.x86_64",
            "openSUSE Tumbleweed:libsmi2-0.4.8-24.8.aarch64",
            "openSUSE Tumbleweed:libsmi2-0.4.8-24.8.ppc64le",
            "openSUSE Tumbleweed:libsmi2-0.4.8-24.8.s390x",
            "openSUSE Tumbleweed:libsmi2-0.4.8-24.8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2010-2891"
    }
  ]
}

FKIE_CVE-2010-2891

Vulnerability from fkie_nvd - Published: 2010-10-28 00:00 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
cve@mitre.org	http://secunia.com/advisories/41841	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/42877
cve@mitre.org	http://secunia.com/advisories/42902
cve@mitre.org	http://secunia.com/advisories/43068
cve@mitre.org	http://security-tracker.debian.org/tracker/CVE-2010-2891
cve@mitre.org	http://www.coresecurity.com/content/libsmi-smigetnode-buffer-overflow	Exploit, Patch
cve@mitre.org	http://www.debian.org/security/2011/dsa-2145
cve@mitre.org	http://www.exploit-db.com/exploits/15293	Exploit, Patch
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDVSA-2010:209
cve@mitre.org	http://www.securityfocus.com/archive/1/514382/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/44276	Exploit, Patch
cve@mitre.org	http://www.vupen.com/english/advisories/2010/2764	Vendor Advisory
cve@mitre.org	http://www.vupen.com/english/advisories/2011/0076
cve@mitre.org	http://www.vupen.com/english/advisories/2011/0111
cve@mitre.org	http://www.vupen.com/english/advisories/2011/0212
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/62686
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/41841	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/42877
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/42902
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/43068
af854a3a-2127-422b-91ae-364da2661108	http://security-tracker.debian.org/tracker/CVE-2010-2891
af854a3a-2127-422b-91ae-364da2661108	http://www.coresecurity.com/content/libsmi-smigetnode-buffer-overflow	Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2011/dsa-2145
af854a3a-2127-422b-91ae-364da2661108	http://www.exploit-db.com/exploits/15293	Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2010:209
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/514382/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/44276	Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/2764	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2011/0076
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2011/0111
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2011/0212
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/62686

Impacted products

	Vendor	Product	Version
	tu-braunschweig	libsmi	0.4.8

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tu-braunschweig:libsmi:0.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EB590CF-B1A6-4F09-AAC7-27101BEE90E5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in the smiGetNode function in lib/smi.c in libsmi 0.4.8 allows context-dependent attackers to execute arbitrary code via an Object Identifier (aka OID) represented as a numerical string containing many components separated by . (dot) characters."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer en la funci\u00f3n smiGetNode en lib/smi.c en libsmi v0.4.8 permite a atacantes dependientes de contexto ejecutar c\u00f3digo arbitrario a trav\u00e9s de un identificador de objeto (tambi\u00e9n conocido como OID), representado como una cadena num\u00e9rica que contiene muchos componentes separados por caracteres . (punto)."
    }
  ],
  "id": "CVE-2010-2891",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-10-28T00:00:02.313",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/41841"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/42877"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/42902"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/43068"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security-tracker.debian.org/tracker/CVE-2010-2891"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.coresecurity.com/content/libsmi-smigetnode-buffer-overflow"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2011/dsa-2145"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.exploit-db.com/exploits/15293"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:209"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/514382/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/44276"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/2764"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2011/0076"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2011/0111"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2011/0212"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62686"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/41841"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/42877"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/42902"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/43068"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security-tracker.debian.org/tracker/CVE-2010-2891"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.coresecurity.com/content/libsmi-smigetnode-buffer-overflow"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2011/dsa-2145"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.exploit-db.com/exploits/15293"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:209"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/514382/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/44276"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/2764"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2011/0076"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2011/0111"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2011/0212"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62686"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2010-2891 (GCVE-0-2010-2891)

GSD-2010-2891

MSRC_CVE-2010-2891

GHSA-GWQP-8WJJ-P3GJ

OPENSUSE-SU-2024:10266-1

FKIE_CVE-2010-2891

Tags

Sightings

Nomenclature