CVE-2010-2060

The put command functionality in beanstalkd 1.4.5 and earlier allows remote attackers to execute arbitrary Beanstalk commands via the body in a job that is too big, which is not properly handled by the dispatch_cmd function in prot.c.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 75%
VendorProductVersion
wildbitbeanstalkd
𝑥
≤ 1.4.5
wildbitbeanstalkd
0.5
wildbitbeanstalkd
0.6
wildbitbeanstalkd
0.7
wildbitbeanstalkd
0.8
wildbitbeanstalkd
0.9
wildbitbeanstalkd
0.10
wildbitbeanstalkd
1.0
wildbitbeanstalkd
1.1
wildbitbeanstalkd
1.2
wildbitbeanstalkd
1.3
wildbitbeanstalkd
1.4
wildbitbeanstalkd
1.4.1
wildbitbeanstalkd
1.4.2
wildbitbeanstalkd
1.4.3
wildbitbeanstalkd
1.4.4
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
beanstalkd
sid
1.12-2
fixed
trixie
1.12-2
fixed
bookworm
1.12-2
fixed
bullseye
1.12-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
beanstalkd
saucy
not-affected
raring
not-affected
quantal
not-affected
precise
not-affected
oneiric
not-affected
natty
not-affected
maverick
not-affected
lucid
ignored
karmic
dne
jaunty
dne
hardy
dne
dapper
dne
References
http://github.com/kr/beanstalkd/commit/2e8e8c6387ecdf5923dfc4d7718d18eba1b0873d
http://kr.github.com/beanstalkd/2010/05/23/1.4.6-release-notes.html
http://osvdb.org/65113
http://secunia.com/advisories/40032
http://www.securityfocus.com/bid/40516
https://exchange.xforce.ibmcloud.com/vulnerabilities/59107
http://github.com/kr/beanstalkd/commit/2e8e8c6387ecdf5923dfc4d7718d18eba1b0873d
http://kr.github.com/beanstalkd/2010/05/23/1.4.6-release-notes.html
http://osvdb.org/65113
http://secunia.com/advisories/40032
http://www.securityfocus.com/bid/40516
https://exchange.xforce.ibmcloud.com/vulnerabilities/59107