CVE-2010-3405 — Improper Restriction of Operations within the Bounds of a Memory Buffer in IBM Vios

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources

Severity

6.8MEDIUMNVD

EPSS

0.1%

top 80.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM AIX IBM Vios

Timeline

PublishedSep 16

Latest updateMay 14

Description

Buffer overflow in sa_snap in the bos.esagent fileset in IBM AIX 6.1, 5.3, and earlier and VIOS 2.1, 1.5, and earlier allows local users to leverage system group membership and gain privileges via unspecified vectors.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.1 | Impact: 10.0

Affected Packages2 packages

▶NVDibm/vios1.5, 2.1+1

▶NVDibm/aix5.3, 6.1+1

Patches

Patch: aix.software.ibm.com ↗Patch: aix.software.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-5f46-2wpv-265h: Buffer overflow in sa_snap in the bos↗2022-05-14

▶

CVEList

CVE-2010-3405: Buffer overflow in sa_snap in the bos↗2010-09-16

▶