cbcvebase.
CVE-2010-0411
published 2010-02-08

CVE-2010-0411: Multiple integer signedness errors in the (1) __get_argv and (2) __get_compat_argv functions in tapset/aux_syscalls.stp in SystemTap 1.1 allow local users to…

PriorityP418medium4.9CVSS 2.0
AVLACLAuNCNINAC
EXPLOIT
EPSS
0.95%
56.9th percentile
Multiple integer signedness errors in the (1) __get_argv and (2) __get_compat_argv functions in tapset/aux_syscalls.stp in SystemTap 1.1 allow local users to cause a denial of service (script crash, or system crash or hang) via a process with a large number of arguments, leading to a buffer overflow.

Affected

6 ranges
VendorProductVersion rangeFixed in
debiansystemtap< systemtap 1.2-1 (bookworm)systemtap 1.2-1 (bookworm)
systemtapsystemtap
systemtapsystemtap>= 0 < 1.2-11.2-1
systemtapsystemtap>= 0 < 1.2-11.2-1
systemtapsystemtap>= 0 < 1.2-11.2-1
systemtapsystemtap>= 0 < 1.2-11.2-1

CVSS provenance

nvdv2.04.9MEDIUMAV:L/AC:L/Au:N/C:N/I:N/A:C
osv4.9MEDIUM
vendor_debian4.9LOW
vendor_redhat4.9MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.