CVE-2010-0830

Integer signedness error in the elf_get_dynamic_info function in elf/dynamic-link.h in ld.so in the GNU C Library (aka glibc or libc6) 2.0.1 through 2.11.1, when the --verify option is used, allows user-assisted remote attackers to execute arbitrary code via a crafted ELF program with a negative value for a certain d_tag structure member in the ELF header.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.1 UNKNOWN
NETWORK
HIGH
AV:N/AC:H/Au:N/C:P/I:P/A:P
canonicalCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 90%
VendorProductVersion
gnuglibc
2.0.1
gnuglibc
2.0.2
gnuglibc
2.0.3
gnuglibc
2.0.4
gnuglibc
2.0.5
gnuglibc
2.0.6
gnuglibc
2.1
gnuglibc
2.1.1
gnuglibc
2.1.1.6
gnuglibc
2.1.2
gnuglibc
2.1.3
gnuglibc
2.1.9
gnuglibc
2.2
gnuglibc
2.2.1
gnuglibc
2.2.2
gnuglibc
2.2.3
gnuglibc
2.2.4
gnuglibc
2.2.5
gnuglibc
2.3
gnuglibc
2.3.1
gnuglibc
2.3.2
gnuglibc
2.3.3
gnuglibc
2.3.4
gnuglibc
2.3.5
gnuglibc
2.3.6
gnuglibc
2.3.10
gnuglibc
2.4
gnuglibc
2.5
gnuglibc
2.5.1
gnuglibc
2.6
gnuglibc
2.6.1
gnuglibc
2.7
gnuglibc
2.8
gnuglibc
2.9
gnuglibc
2.10
gnuglibc
2.10.1
gnuglibc
2.11
gnuglibc
2.11.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
glibc
bullseye
2.31-13+deb11u11
fixed
bullseye (security)
2.31-13+deb11u10
fixed
bookworm
2.36-9+deb12u8
fixed
bookworm (security)
2.36-9+deb12u7
fixed
sid
2.40-3
fixed
trixie
2.40-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
eglibc
lucid
Fixed 2.11.1-0ubuntu7.1
released
karmic
Fixed 2.10.1-0ubuntu17
released
jaunty
dne
intrepid
dne
hardy
dne
dapper
dne
glibc
lucid
dne
karmic
dne
jaunty
Fixed 2.9-4ubuntu6.2
released
intrepid
ignored
hardy
Fixed 2.7-10ubuntu6
released
dapper
Fixed 2.3.6-0ubuntu20.6
released
Common Weakness Enumeration
References
http://drosenbe.blogspot.com/2010/05/integer-overflow-in-ldso-cve-2010-0830.html
http://frugalware.org/security/662
http://secunia.com/advisories/39900
http://security.gentoo.org/glsa/glsa-201011-01.xml
http://securitytracker.com/id?1024044
http://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=db07e962b6ea963dbb345439f6ab9b0cf74d87c5
http://www.debian.org/security/2010/dsa-2058
http://www.mandriva.com/security/advisories?name=MDVSA-2010:111
http://www.mandriva.com/security/advisories?name=MDVSA-2010:112
http://www.securityfocus.com/bid/40063
http://www.ubuntu.com/usn/USN-944-1
http://www.vupen.com/english/advisories/2010/1246
https://exchange.xforce.ibmcloud.com/vulnerabilities/58915
https://lists.opensuse.org/opensuse-security-announce/2010-10/msg00007.html
http://drosenbe.blogspot.com/2010/05/integer-overflow-in-ldso-cve-2010-0830.html
http://frugalware.org/security/662
http://secunia.com/advisories/39900
http://security.gentoo.org/glsa/glsa-201011-01.xml
http://securitytracker.com/id?1024044
http://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=db07e962b6ea963dbb345439f6ab9b0cf74d87c5
http://www.debian.org/security/2010/dsa-2058
http://www.mandriva.com/security/advisories?name=MDVSA-2010:111
http://www.mandriva.com/security/advisories?name=MDVSA-2010:112
http://www.securityfocus.com/bid/40063
http://www.ubuntu.com/usn/USN-944-1
http://www.vupen.com/english/advisories/2010/1246
https://exchange.xforce.ibmcloud.com/vulnerabilities/58915
https://lists.opensuse.org/opensuse-security-announce/2010-10/msg00007.html