CVE-2010-4070

Integer overflow in librpc.dll in portmap.exe (aka the ISM Portmapper service) in ISM before 2.20.TC1.117 in IBM Informix Dynamic Server (IDS) 7.x before 7.31.xD11, 9.x before 9.40.xC10, 10.00 before 10.00.xC8, and 11.10 before 11.10.xC2 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted parameter size, aka idsdb00146931, idsdb00146930, idsdb00146929, and idsdb00138308.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
10 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 91%
VendorProductVersion
ibminformix_dynamic_server
7.31
ibminformix_dynamic_server
9.40.tc5:tc5
ibminformix_dynamic_server
9.40.uc1:uc1
ibminformix_dynamic_server
9.40.uc2:uc2
ibminformix_dynamic_server
9.40.uc3:uc3
ibminformix_dynamic_server
9.40.uc5:uc5
ibminformix_dynamic_server
9.40.xc5:xc5
ibminformix_dynamic_server
9.40.xc7:xc7
ibminformix_dynamic_server
10.00
ibminformix_dynamic_server
10.00.tc3tl:tc3tl
ibminformix_dynamic_server
10.00.xc1:xc1
ibminformix_dynamic_server
10.00.xc2:xc2
ibminformix_dynamic_server
10.00.xc3:xc3
ibminformix_dynamic_server
10.00.xc4:xc4
ibminformix_dynamic_server
10.00.xc5:xc5
ibminformix_dynamic_server
10.00.xc6:xc6
ibminformix_dynamic_server
10.00.xc7w1:xc7w1
ibminformix_dynamic_server
10.00.xc8:xc8
ibminformix_dynamic_server
10.00.xc9:xc9
ibminformix_dynamic_server
10.00.xc10:xc10
ibminformix_dynamic_server
11.10
ibminformix_dynamic_server
11.10.tb4tl:tb4tl
ibminformix_dynamic_server
11.10.xc1:xc1
ibminformix_dynamic_server
11.10.xc1de:xc1de
ibminformix_dynamic_server
11.50
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/41915
http://www.osvdb.org/68706
http://www.vupen.com/english/advisories/2010/2733
http://www.zerodayinitiative.com/advisories/ZDI-10-215/
http://secunia.com/advisories/41915
http://www.osvdb.org/68706
http://www.vupen.com/english/advisories/2010/2733
http://www.zerodayinitiative.com/advisories/ZDI-10-215/