CVE-2010-2891
published 2010-10-28CVE-2010-2891: Buffer overflow in the smiGetNode function in lib/smi.c in libsmi 0.4.8 allows context-dependent attackers to execute arbitrary code via an Object Identifier…
PriorityP353high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
14.04%
96.1th percentile
Buffer overflow in the smiGetNode function in lib/smi.c in libsmi 0.4.8 allows context-dependent attackers to execute arbitrary code via an Object Identifier (aka OID) represented as a numerical string containing many components separated by . (dot) characters.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libsmi | < libsmi 0.4.8+dfsg2-3 (bookworm) | libsmi 0.4.8+dfsg2-3 (bookworm) |
| msrc | azure_linux_3.0_arm | — | — |
| msrc | azure_linux_3.0_x64 | — | — |
| msrc | cbl_mariner_2.0_arm | — | — |
| msrc | cbl_mariner_2.0_x64 | — | — |
| tu-braunschweig | libsmi | — | — |
| tu-braunschweig | libsmi | >= 0 < 0.4.8+dfsg2-3 | 0.4.8+dfsg2-3 |
| tu-braunschweig | libsmi | >= 0 < 0.4.8+dfsg2-3 | 0.4.8+dfsg2-3 |
| tu-braunschweig | libsmi | >= 0 < 0.4.8+dfsg2-3 | 0.4.8+dfsg2-3 |
| tu-braunschweig | libsmi | >= 0 < 0.4.8+dfsg2-3 | 0.4.8+dfsg2-3 |
CVSS provenance
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv7.5HIGH
vendor_debian7.5HIGH
vendor_msrc7.5HIGH
vendor_redhat7.5HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-gwqp-8wjj-p3gj: Buffer overflow in the smiGetNode function in lib/smi
ghsa_unreviewed·2022-05-14
CVE-2010-2891 [HIGH] CWE-119 GHSA-gwqp-8wjj-p3gj: Buffer overflow in the smiGetNode function in lib/smi
Buffer overflow in the smiGetNode function in lib/smi.c in libsmi 0.4.8 allows context-dependent attackers to execute arbitrary code via an Object Identifier (aka OID) represented as a numerical string containing many components separated by . (dot) characters.
OSV
CVE-2010-2891: Buffer overflow in the smiGetNode function in lib/smi
osv·2010-10-28·CVSS 7.5
CVE-2010-2891 [HIGH] CVE-2010-2891: Buffer overflow in the smiGetNode function in lib/smi
Buffer overflow in the smiGetNode function in lib/smi.c in libsmi 0.4.8 allows context-dependent attackers to execute arbitrary code via an Object Identifier (aka OID) represented as a numerical string containing many components separated by . (dot) characters.
Microsoft
CVE-2010-2891: NIST NVD Details: https://nvd
vendor_msrc·2024-06-11·CVSS 7.5
CVE-2010-2891 [HIGH] CVE-2010-2891: NIST NVD Details: https://nvd
NIST NVD Details: https://nvd.nist.gov/vuln/detail/CVE-2010-2891
Mariner: Mariner
[email protected]: [email protected]
Customer Action Required: Yes
Remediation: libsmi
Reference: https://nvd.nist.gov/vuln/detail/CVE-2010-2891
Red Hat
libsmi: buffer overflow in smiGetNode can lead to arbitrary code execution
vendor_redhat·2010-10-20·CVSS 7.5
CVE-2010-2891 [HIGH] libsmi: buffer overflow in smiGetNode can lead to arbitrary code execution
libsmi: buffer overflow in smiGetNode can lead to arbitrary code execution
Buffer overflow in the smiGetNode function in lib/smi.c in libsmi 0.4.8 allows context-dependent attackers to execute arbitrary code via an Object Identifier (aka OID) represented as a numerical string containing many components separated by . (dot) characters.
Statement: This issue affects the version of libsmi shipped with Red Hat Enterprise Linux 4, 5 and 6. The Red Hat Security Response Team has rated this issue as having moderate security impact, a future update may address this flaw.
Package: libsmi (Red Hat Enterprise Linux 4) - Will not fix
Package: libsmi (Red Hat Enterprise Linux 5) - Will not fix
Package: libsmi (Red Hat Enterprise Linux 6) - Will not fix
Debian
CVE-2010-2891: libsmi - Buffer overflow in the smiGetNode function in lib/smi.c in libsmi 0.4.8 allows c...
vendor_debian·2010·CVSS 7.5
CVE-2010-2891 [HIGH] CVE-2010-2891: libsmi - Buffer overflow in the smiGetNode function in lib/smi.c in libsmi 0.4.8 allows c...
Buffer overflow in the smiGetNode function in lib/smi.c in libsmi 0.4.8 allows context-dependent attackers to execute arbitrary code via an Object Identifier (aka OID) represented as a numerical string containing many components separated by . (dot) characters.
Scope: local
bookworm: resolved (fixed in 0.4.8+dfsg2-3)
bullseye: resolved (fixed in 0.4.8+dfsg2-3)
forky: resolved (fixed in 0.4.8+dfsg2-3)
sid: resolved (fixed in 0.4.8+dfsg2-3)
trixie: resolved (fixed in 0.4.8+dfsg2-3)
No detection rules found.
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.htmlhttp://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.htmlhttp://secunia.com/advisories/41841http://secunia.com/advisories/42877http://secunia.com/advisories/42902http://secunia.com/advisories/43068http://security-tracker.debian.org/tracker/CVE-2010-2891http://www.coresecurity.com/content/libsmi-smigetnode-buffer-overflowhttp://www.debian.org/security/2011/dsa-2145http://www.exploit-db.com/exploits/15293http://www.mandriva.com/security/advisories?name=MDVSA-2010:209http://www.securityfocus.com/archive/1/514382/100/0/threadedhttp://www.securityfocus.com/bid/44276http://www.vupen.com/english/advisories/2010/2764http://www.vupen.com/english/advisories/2011/0076http://www.vupen.com/english/advisories/2011/0111http://www.vupen.com/english/advisories/2011/0212https://exchange.xforce.ibmcloud.com/vulnerabilities/62686http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.htmlhttp://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.htmlhttp://secunia.com/advisories/41841http://secunia.com/advisories/42877http://secunia.com/advisories/42902http://secunia.com/advisories/43068http://security-tracker.debian.org/tracker/CVE-2010-2891http://www.coresecurity.com/content/libsmi-smigetnode-buffer-overflowhttp://www.debian.org/security/2011/dsa-2145http://www.exploit-db.com/exploits/15293http://www.mandriva.com/security/advisories?name=MDVSA-2010:209http://www.securityfocus.com/archive/1/514382/100/0/threadedhttp://www.securityfocus.com/bid/44276http://www.vupen.com/english/advisories/2010/2764http://www.vupen.com/english/advisories/2011/0076http://www.vupen.com/english/advisories/2011/0111http://www.vupen.com/english/advisories/2011/0212https://exchange.xforce.ibmcloud.com/vulnerabilities/62686
2010-10-28
Published