Lucene search

[email protected]CVE-2010-4666

HistoryApr 13, 2012 - 8:55 p.m.

CVE-2010-4666

2012-04-1320:55:01

CWE-119

[email protected]

web.nvd.nist.gov

cve-2010-4666

buffer overflow

libarchive

denial of service

application crash

remote attackers

unspecified impact

cab file

huffman code

lzx compressed data

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.7 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

79.6%

JSON

Buffer overflow in libarchive 3.0 pre-release code allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CAB file, which is not properly handled during the reading of Huffman code data within LZX compressed data.

Affected configurations

NVD

Node

freebsdlibarchiveMatch3.0

CPENameOperatorVersion
freebsd:libarchivefreebsd libarchiveeq3.0

CPE	Name	Operator	Version
freebsd:libarchive	freebsd libarchive	eq	3.0

References

code.google.com/p/libarchive/source/detail?r=2842

bugzilla.redhat.com/show_bug.cgi?id=705849

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.7 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

79.6%

JSON

Related for CVE-2010-4666

prion1 nvd1 debiancve1 ubuntucve1 cvelist1 nessus2 openvas3 gentoo1