CVE-2010-0411
published 2010-02-08CVE-2010-0411: Multiple integer signedness errors in the (1) __get_argv and (2) __get_compat_argv functions in tapset/aux_syscalls.stp in SystemTap 1.1 allow local users to…
PriorityP418medium4.9CVSS 2.0
AVLACLAuNCNINAC
EXPLOIT
EPSS
0.95%
56.9th percentile
Multiple integer signedness errors in the (1) __get_argv and (2) __get_compat_argv functions in tapset/aux_syscalls.stp in SystemTap 1.1 allow local users to cause a denial of service (script crash, or system crash or hang) via a process with a large number of arguments, leading to a buffer overflow.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | systemtap | < systemtap 1.2-1 (bookworm) | systemtap 1.2-1 (bookworm) |
| systemtap | systemtap | — | — |
| systemtap | systemtap | >= 0 < 1.2-1 | 1.2-1 |
| systemtap | systemtap | >= 0 < 1.2-1 | 1.2-1 |
| systemtap | systemtap | >= 0 < 1.2-1 | 1.2-1 |
| systemtap | systemtap | >= 0 < 1.2-1 | 1.2-1 |
CVSS provenance
nvdv2.04.9MEDIUMAV:L/AC:L/Au:N/C:N/I:N/A:C
osv4.9MEDIUM
vendor_debian4.9LOW
vendor_redhat4.9MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
systemtap: Crash with systemtap script using __get_argv()
vendor_redhat·2010-01-29·CVSS 4.9
CVE-2010-0411 [MEDIUM] systemtap: Crash with systemtap script using __get_argv()
systemtap: Crash with systemtap script using __get_argv()
Multiple integer signedness errors in the (1) __get_argv and (2) __get_compat_argv functions in tapset/aux_syscalls.stp in SystemTap 1.1 allow local users to cause a denial of service (script crash, or system crash or hang) via a process with a large number of arguments, leading to a buffer overflow.
Debian
CVE-2010-0411: systemtap - Multiple integer signedness errors in the (1) __get_argv and (2) __get_compat_ar...
vendor_debian·2010·CVSS 4.9
CVE-2010-0411 [MEDIUM] CVE-2010-0411: systemtap - Multiple integer signedness errors in the (1) __get_argv and (2) __get_compat_ar...
Multiple integer signedness errors in the (1) __get_argv and (2) __get_compat_argv functions in tapset/aux_syscalls.stp in SystemTap 1.1 allow local users to cause a denial of service (script crash, or system crash or hang) via a process with a large number of arguments, leading to a buffer overflow.
Scope: local
bookworm: resolved (fixed in 1.2-1)
bullseye: resolved (fixed in 1.2-1)
forky: resolved (fixed in 1.2-1)
sid: resolved (fixed in 1.2-1)
trixie: resolved (fixed in 1.2-1)
GHSA
GHSA-h63c-ff5w-hmx7: Multiple integer signedness errors in the (1) __get_argv and (2) __get_compat_argv functions in tapset/aux_syscalls
ghsa_unreviewed·2022-05-02
CVE-2010-0411 [MEDIUM] GHSA-h63c-ff5w-hmx7: Multiple integer signedness errors in the (1) __get_argv and (2) __get_compat_argv functions in tapset/aux_syscalls
Multiple integer signedness errors in the (1) __get_argv and (2) __get_compat_argv functions in tapset/aux_syscalls.stp in SystemTap 1.1 allow local users to cause a denial of service (script crash, or system crash or hang) via a process with a large number of arguments, leading to a buffer overflow.
OSV
CVE-2010-0411: Multiple integer signedness errors in the (1) __get_argv and (2) __get_compat_argv functions in tapset/aux_syscalls
osv·2010-02-08·CVSS 4.9
CVE-2010-0411 [MEDIUM] CVE-2010-0411: Multiple integer signedness errors in the (1) __get_argv and (2) __get_compat_argv functions in tapset/aux_syscalls
Multiple integer signedness errors in the (1) __get_argv and (2) __get_compat_argv functions in tapset/aux_syscalls.stp in SystemTap 1.1 allow local users to cause a denial of service (script crash, or system crash or hang) via a process with a large number of arguments, leading to a buffer overflow.
No detection rules found.
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035201.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2010-February/035261.htmlhttp://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.htmlhttp://marc.info/?l=oss-security&m=126530657715364&w=2http://secunia.com/advisories/38426http://secunia.com/advisories/38680http://secunia.com/advisories/38765http://secunia.com/advisories/38817http://secunia.com/advisories/39656http://securitytracker.com/id?1023664http://sourceware.org/bugzilla/show_bug.cgi?id=11234http://sourceware.org/git/gitweb.cgi?p=systemtap.git%3Ba=commit%3Bh=a2d399c87a642190f08ede63dc6fc434a5a8363ahttp://www.redhat.com/support/errata/RHSA-2010-0124.htmlhttp://www.redhat.com/support/errata/RHSA-2010-0125.htmlhttp://www.securityfocus.com/bid/38120http://www.vupen.com/english/advisories/2010/1001https://bugzilla.redhat.com/show_bug.cgi?id=559719https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9675http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035201.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2010-February/035261.htmlhttp://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.htmlhttp://marc.info/?l=oss-security&m=126530657715364&w=2http://secunia.com/advisories/38426http://secunia.com/advisories/38680http://secunia.com/advisories/38765http://secunia.com/advisories/38817http://secunia.com/advisories/39656http://securitytracker.com/id?1023664http://sourceware.org/bugzilla/show_bug.cgi?id=11234http://sourceware.org/git/gitweb.cgi?p=systemtap.git%3Ba=commit%3Bh=a2d399c87a642190f08ede63dc6fc434a5a8363ahttp://www.redhat.com/support/errata/RHSA-2010-0124.htmlhttp://www.redhat.com/support/errata/RHSA-2010-0125.htmlhttp://www.securityfocus.com/bid/38120http://www.vupen.com/english/advisories/2010/1001https://bugzilla.redhat.com/show_bug.cgi?id=559719https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9675
2010-02-08
Published