Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-2891 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Libsmi

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer8 documents8 sources

Severity

7.5HIGHNVD

EPSS

32.6%

top 3.12%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Tu-braunschweig Libsmi Debian Libsmi Msrc Azure Linux 3.0 ARM +3 more

Timeline

PublishedOct 28

Latest updateJun 11

Description

Buffer overflow in the smiGetNode function in lib/smi.c in libsmi 0.4.8 allows context-dependent attackers to execute arbitrary code via an Object Identifier (aka OID) represented as a numerical string containing many components separated by . (dot) characters.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages7 packages

▶debiandebian/libsmi< libsmi 0.4.8+dfsg2-3 (bookworm)

▶Debiantu-braunschweig/libsmi< 0.4.8+dfsg2-3+3

▶NVDtu-braunschweig/libsmi0.4.8

▶msrcmsrc/azure_linux_3.0_arm

▶msrcmsrc/azure_linux_3.0_x64

Patches

Patch: www.coresecurity.com ↗Patch: www.exploit-db.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-gwqp-8wjj-p3gj: Buffer overflow in the smiGetNode function in lib/smi↗2022-05-14

▶

OSV

CVE-2010-2891: Buffer overflow in the smiGetNode function in lib/smi↗2010-10-28

▶

💥Exploits & PoCs

Exploit-DB

LibSMI smiGetNode - Buffer Overflow When Long OID Is Given In Numerical Form↗2010-10-20

▶

📋Vendor Advisories

Microsoft

CVE-2010-2891: NIST NVD Details: https://nvd↗2024-06-11

▶

Red Hat

libsmi: buffer overflow in smiGetNode can lead to arbitrary code execution↗2010-10-20

▶

Debian

CVE-2010-2891: libsmi - Buffer overflow in the smiGetNode function in lib/smi.c in libsmi 0.4.8 allows c...↗2010

▶

💬Community

Bugzilla

CVE-2010-2891 libsmi: buffer overflow in smiGetNode can lead to arbitrary code execution↗2010-10-28

▶