CVE-2010-2947 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	10 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:C/I:C/A:C
redhat	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 93%

Vendor	Product	Version
jan_engelhardt	libhx	𝑥 ≤ 3.5
jan_engelhardt	libhx	1.10.0
jan_engelhardt	libhx	1.10.1
jan_engelhardt	libhx	1.10.2
jan_engelhardt	libhx	1.15
jan_engelhardt	libhx	1.17
jan_engelhardt	libhx	1.18
jan_engelhardt	libhx	1.22
jan_engelhardt	libhx	1.23
jan_engelhardt	libhx	1.25
jan_engelhardt	libhx	1.26
jan_engelhardt	libhx	1.27
jan_engelhardt	libhx	1.28
jan_engelhardt	libhx	2.0
jan_engelhardt	libhx	2.1
jan_engelhardt	libhx	2.2
jan_engelhardt	libhx	2.3
jan_engelhardt	libhx	2.4
jan_engelhardt	libhx	2.5
jan_engelhardt	libhx	2.6
jan_engelhardt	libhx	2.7
jan_engelhardt	libhx	2.8
jan_engelhardt	libhx	2.9
jan_engelhardt	libhx	3.0
jan_engelhardt	libhx	3.0.1
jan_engelhardt	libhx	3.1
jan_engelhardt	libhx	3.2
jan_engelhardt	libhx	3.3
jan_engelhardt	libhx	3.4

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

libhx

bullseye	3.25-2 fixed
lenny	no-dsa
bookworm	4.10-1 fixed
sid	4.23-1 fixed
trixie	4.23-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

libhx

lucid	Fixed 3.2-1ubuntu0.1 released
karmic	Fixed 2.9-3ubuntu0.1 released
jaunty	Fixed 1.28-1ubuntu0.1 released
hardy	Fixed 1.10.2-2ubuntu0.1 released
dapper	dne

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

http://libhx.git.sourceforge.net/git/gitweb.cgi?p=libhx/libhx%3Ba=commit%3Bh=904a46f90dd3f046bfac0b64a5e813d7cd4fca59

http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html

http://www.mandriva.com/security/advisories?name=MDVSA-2010:165

http://www.openwall.com/lists/oss-security/2010/08/20/12

http://www.openwall.com/lists/oss-security/2010/08/20/5

http://www.securityfocus.com/bid/42592

http://www.vupen.com/english/advisories/2010/2232

https://bugzilla.redhat.com/show_bug.cgi?id=625866

http://libhx.git.sourceforge.net/git/gitweb.cgi?p=libhx/libhx%3Ba=commit%3Bh=904a46f90dd3f046bfac0b64a5e813d7cd4fca59

http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html

http://www.mandriva.com/security/advisories?name=MDVSA-2010:165

http://www.openwall.com/lists/oss-security/2010/08/20/12

http://www.openwall.com/lists/oss-security/2010/08/20/5

http://www.securityfocus.com/bid/42592

http://www.vupen.com/english/advisories/2010/2232

https://bugzilla.redhat.com/show_bug.cgi?id=625866