Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-4227

CWE-119: Buffer Overflow | 5 documents | 4 sources
Severity: 10.0 CRITICAL
EPSS: 38.5% (top 2.76%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline
Published: Feb 25
Latest update: May 14

Description

The xdrDecodeString function in XNFS.NLM in Novell Netware 6.5 before SP8 allows remote attackers to cause a denial of service (abend) or execute arbitrary code via a crafted, signed value in a NFS RPC request to port UDP 1234, leading to a stack-based buffer overflow.

CVSS vector

AV:N/AC:L/C:C/I:C/A:C
Exploitability: 10.0 | Impact: 10.0

Affected Packages (1 package)

NVD: novell/netware 6.5 (+1)

Patches

🔴 Vulnerability Details (2)

GHSA: GHSA-r996-hr3f-f6c5: The xdrDecodeString function in XNFS (2022-05-14)
CVEList: CVE-2010-4227: The xdrDecodeString function in XNFS (2011-02-25)

💥 Exploits & PoCs (2)

Exploit-DB: Novell Netware - RPC XNFS xdrDecodeString (2011-02-24)
Exploit-DB: Free PHP Photo Gallery Script - Remote File Inclusion (2010-07-22)