CVE-2010-2539
Published 2010-08-02
Priority: P46 · low · 2.1 (CVSS 2.0)
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P
EPSS: 0.32% (24.0th percentile)
Buffer overflow in the msTmpFile function in maputil.c in mapserv in MapServer before 4.10.6 and 5.x before 5.6.4 allows local users to cause a denial of service via vectors involving names of temporary files.
Affected
25 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | mapserver | < mapserver 5.6.4-1 (bookworm) | mapserver 5.6.4-1 (bookworm) |
| osgeo | mapserver | <= 4.10.5 | — |
| osgeo | mapserver | <= 5.6.3 | — |
| osgeo | mapserver | — | — |
| osgeo | mapserver | — | — |
| osgeo | mapserver | — | — |
| osgeo | mapserver | — | — |
| osgeo | mapserver | — | — |
| osgeo | mapserver | — | — |
| osgeo | mapserver | — | — |
| osgeo | mapserver | — | — |
| osgeo | mapserver | — | — |
| osgeo | mapserver | — | — |
| osgeo | mapserver | — | — |
| osgeo | mapserver | — | — |
| osgeo | mapserver | — | — |
| osgeo | mapserver | — | — |
| osgeo | mapserver | — | — |
| osgeo | mapserver | — | — |
| osgeo | mapserver | — | — |
| osgeo | mapserver | >= 0 < 5.6.4-1 | 5.6.4-1 |
| osgeo | mapserver | >= 0 < 5.6.4-1 | 5.6.4-1 |
| osgeo | mapserver | >= 0 < 5.6.4-1 | 5.6.4-1 |
| osgeo | mapserver | >= 0 < 5.6.4-1 | 5.6.4-1 |
| umn | mapserver | — | — |
CVSS provenance
nvd: v2.0 · 2.1 LOW · AV:L/AC:L/Au:N/C:N/I:N/A:P
osv: 2.1 LOW
vendor_debian: 2.1 LOW
Debian
CVE-2010-2539: mapserver - Buffer overflow in the msTmpFile function in maputil.c in mapserv in MapServer b...
vendor_debian·2010·CVSS 2.1
Scope: local
bookworm: resolved (fixed in 5.6.4-1)
bullseye: resolved (fixed in 5.6.4-1)
forky: resolved (fixed in 5.6.4-1)
sid: resolved (fixed in 5.6.4-1)
trixie: resolved (fixed in 5.6.4-1)
GHSA
GHSA-5j7j-27cq-wg7x: Buffer overflow in the msTmpFile function in maputil
ghsa_unreviewed·2022-05-13
CVE-2010-2539 [LOW] CWE-119
OSV
CVE-2010-2539: Buffer overflow in the msTmpFile function in maputil
osv·2010-08-02·CVSS 2.1
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2010-2539 CVE-2010-2540 mapserver various flaws [fedora-all]
bugzilla·2010-07-22·CVSS 2.1
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the
respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=617312
Please note: this issue affects multiple supporte
Bugzilla
CVE-2010-2539 MapServer: Buffer overflow by generating unique temporary filename(s) (Trac#3484)
bugzilla·2010-07-22·CVSS 2.1
MapServer upstream during a security audit of MapServer v5.6 source
code found a potential buffer overflow in the way MapServer generated
unique temporary filenames. A local attacker could use this flaw to
conduct denial of service attacks.
References:
[1] http://trac.osgeo.org/mapserver/ticket/3484
Upstream patch (against 5-4 SVN branch):
[2] http://trac.osgeo.org/mapserver/changeset/10310
Upstream patch (against trunk):
[3] http://trac.osgeo.org/mapserver/changeset/10318
Discussion:
This issue affects the versions of the mapserver package, as shipped
with Fedora release of 12 and 13.
Please fix.
---
Created mapserver tracking bugs for this issue
Affects: fedora-all [bug 617314]
http://lists.osgeo.org/pipermail/mapserver-users/2010-July/066052.html
http://marc.info/?l=oss-security&m=127973381215859&w=2
http://marc.info/?l=oss-security&m=127973754121922&w=2
http://trac.osgeo.org/mapserver/ticket/3484
http://www.securityfocus.com/bid/41855
https://bugzilla.redhat.com/show_bug.cgi?id=617312
https://exchange.xforce.ibmcloud.com/vulnerabilities/60851