CVE-2010-2759 — Mozilla Bugzilla vulnerability

CWE-1895 documents4 sources

Severity

4.0MEDIUMNVD

EPSS

1.6%

top 18.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Bugzilla

Timeline

PublishedAug 16

Latest updateMay 17

Description

Bugzilla 2.23.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2, when PostgreSQL is used, does not properly handle large integers in (1) bug and (2) attachment phrases, which allows remote authenticated users to cause a denial of service (bug invisibility) via a crafted comment.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 8.0 | Impact: 2.9

Affected Packages1 packages

▶NVDmozilla/bugzilla51 versions+50

🔴Vulnerability Details

GHSA

GHSA-qwm7-v54x-94hf: Bugzilla 2↗2022-05-17

▶

CVEList

CVE-2010-2759: Bugzilla 2↗2010-08-13

▶

💬Community

Bugzilla

CVE-2010-2756 CVE-2010-2757 CVE-2010-2758 CVE-2010-2759 bugzilla: multiple vulnerabilities corrected in 3.4.8/3.6.2 [fedora-all]↗2010-08-11

▶

Bugzilla

CVE-2010-2756 CVE-2010-2757 CVE-2010-2758 CVE-2010-2759 bugzilla: multiple vulnerabilities corrected in 3.4.8/3.6.2↗2010-08-11

▶