CVE-2010-2539 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Mapserver

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer6 documents5 sources

Severity

2.1LOWNVD

EPSS

0.1%

top 80.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Osgeo Mapserver Debian Mapserver UMN Mapserver

Timeline

PublishedAug 2

Latest updateMay 13

Description

Buffer overflow in the msTmpFile function in maputil.c in mapserv in MapServer before 4.10.6 and 5.x before 5.6.4 allows local users to cause a denial of service via vectors involving names of temporary files.

CVSS vector

AV:L/AC:L/C:N/I:N/A:PExploitability: 3.9 | Impact: 2.9

Affected Packages4 packages

▶debiandebian/mapserver< mapserver 5.6.4-1 (bookworm)

▶Debianosgeo/mapserver< 5.6.4-1+3

▶NVDosgeo/mapserver4.10.5+18

▶NVDumn/mapserver4.0

Patches

Patch: lists.osgeo.org ↗Patch: trac.osgeo.org ↗Patch: lists.osgeo.org ↗

🔴Vulnerability Details

GHSA

GHSA-5j7j-27cq-wg7x: Buffer overflow in the msTmpFile function in maputil↗2022-05-13

▶

OSV

CVE-2010-2539: Buffer overflow in the msTmpFile function in maputil↗2010-08-02

▶

📋Vendor Advisories

Debian

CVE-2010-2539: mapserver - Buffer overflow in the msTmpFile function in maputil.c in mapserv in MapServer b...↗2010

▶

💬Community

Bugzilla

CVE-2010-2539 CVE-2010-2540 mapserver various flaws [fedora-all]↗2010-07-22

▶

Bugzilla

CVE-2010-2539 MapServer: Buffer overflow by generating unique temporary filename(s) (Trac#3484)↗2010-07-22

▶