CVE-2010-2801

Published Aug 9, 2010

Last updated 4 years ago

Overview

Description: Integer signedness error in the Quantum decompressor in cabextract before 1.3, when archive test mode is used, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Quantum archive in a .cab file, related to the libmspack library.
Source: secalert@redhat.com
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 5.1
Impact score: 6.4
Exploitability score: 4.9
Vector string: AV:N/AC:H/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-189

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cabextract_project:cabextract:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "33B40EA4-BB4F-4A35-973F-BA856014B2F1",
            "versionEndIncluding": "1.2"
          },
          {
            "criteria": "cpe:2.3:a:cabextract_project:cabextract:0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7D7B9CCF-67F3-4DC5-9362-09EE3D0FD87F"
          },
          {
            "criteria": "cpe:2.3:a:cabextract_project:cabextract:0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "924128C3-DE58-4B6A-A497-59B5D3D311DE"
          },
          {
            "criteria": "cpe:2.3:a:cabextract_project:cabextract:0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "24D2543F-BE6B-46FB-93E0-C0F9DEC4490D"
          },
          {
            "criteria": "cpe:2.3:a:cabextract_project:cabextract:0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4B596E7E-F51E-4DFF-A81F-21E4C3C81F63"
          },
          {
            "criteria": "cpe:2.3:a:cabextract_project:cabextract:0.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "63BDBB7A-673E-412B-BE69-05672AA3050D"
          },
          {
            "criteria": "cpe:2.3:a:cabextract_project:cabextract:0.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8D5EC4F7-C88D-4DBA-A371-58DF4E6344A7"
          },
          {
            "criteria": "cpe:2.3:a:cabextract_project:cabextract:1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "670769A1-4133-4834-94E0-BF5F3EF2FFF5"
          },
          {
            "criteria": "cpe:2.3:a:cabextract_project:cabextract:1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FDBD05D3-31A4-4079-A9E2-2B7EF6403624"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References