CVE-2010-4336 — Reachable Assertion in Collectd

CWE-3996 documents5 sources

Severity

5.0MEDIUMNVD

EPSS

1.7%

top 17.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Collectd Debian Collectd

Timeline

PublishedDec 17

Latest updateMay 17

Description

The cu_rrd_create_file function (src/utils_rrdcreate.c) in collectd 4.x before 4.9.4 and before 4.10.2 allow remote attackers to cause a denial of service (assertion failure) via a packet with a timestamp whose value is 10 or less, as demonstrated by creating RRD files using the (1) RRDtool and (2) RRDCacheD plugins.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/collectd< collectd 4.10.1-2.1 (bookworm)

▶Debiancollectd/collectd< 4.10.1-2.1+3

▶NVDcollectd/collectd65 versions+64

🔴Vulnerability Details

GHSA

GHSA-5h26-g27j-3qwx: The cu_rrd_create_file function (src/utils_rrdcreate↗2022-05-17

▶

OSV

CVE-2010-4336: The cu_rrd_create_file function (src/utils_rrdcreate↗2010-12-17

▶

📋Vendor Advisories

Debian

CVE-2010-4336: collectd - The cu_rrd_create_file function (src/utils_rrdcreate.c) in collectd 4.x before 4...↗2010

▶

💬Community

Bugzilla

CVE-2010-4336 collectd: DoS via the RRDtool and RRDCacheD plugins [fedora-all]↗2010-12-16

▶

Bugzilla

CVE-2010-4336 collectd: DoS via the RRDtool and RRDCacheD plugins↗2010-12-16

▶