NVD

Id
14236  
Name
CVE-2010-2801  
Description
Integer signedness error in the Quantum decompressor in cabextract before 1.3, when archive test mode is used, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Quantum archive in a .cab file, related to the libmspack library.  
Reject
 
CVSS Version
2  
CVSS Score
5.1  
Severity
Medium  
CVSS Base Score
5.1  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
4.9  
CVSS Vector
(AV:N/AC:H/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-18  
Published
2010-08-09  
Modified Date
2010-08-09  
Seq
2010-2801  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
78772 14236 CVE-2010-2801 http://bugs.gentoo.org/show_bug.cgi?id=329891  View
78773 14236 CVE-2010-2801 http://libmspack.svn.sourceforge.net/viewvc/libmspack/libmspack/trunk/mspack/qtmd.c?r1=114&r2=113  View
78774 14236 CVE-2010-2801 http://libmspack.svn.sourceforge.net/viewvc/libmspack?view=revision&revision=118  View
78775 14236 CVE-2010-2801 [oss-security] 20100802 CVE Request [two ids] -- cabextract -- 1, Infinite loop in MS-ZIP and Quantum decoders (minor) 2, Integer wrap-around (crash) by processing certain *.cab files in test archive mode  View
78776 14236 CVE-2010-2801 [oss-security] 20100802 Re: CVE Request [two ids] -- cabextract -- 1, Infinite loop in MS-ZIP and Quantum decoders (minor) 2, Integer wrap-around (crash) by processing certain *.cab files in test archive mode  View
78777 14236 CVE-2010-2801 http://www.cabextract.org.uk/#changes  View
78778 14236 CVE-2010-2801 DSA-2087  View
78779 14236 CVE-2010-2801 42173  View
78780 14236 CVE-2010-2801 ADV-2010-1903  View
78781 14236 CVE-2010-2801 ADV-2010-1997  View
78782 14236 CVE-2010-2801 cabextract-archive-code-execution(60891)  View
78783 14236 CVE-2010-2801 https://bugzilla.redhat.com/show_bug.cgi?id=620454  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
38426 JVNDB-2010-004211 cabextract の Quantum デコンプレッサにおける整数符号エラーの脆弱性 cabextract の Quantum デコンプレッサには、アーカイブテストモードを使用している際、libmspack ライブラリに関連する処理に不備があるため、整数符号エラーの脆弱性が存在します。 CVE-2010-2801 45381 CVE-2010-2801 14236 5.1 http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-004211.html 2010-08-09 2012-06-26 View