Vulnerability Details : CVE-2010-2090
The npb_protocol_error function in sna V5router64 in IBM Communications Server for Windows 6.1.3 and Communications Server for AIX (aka CSAIX or CS/AIX) in sna.rte before 6.3.1.2 allows remote attackers to cause a denial of service (daemon crash) via APPC data containing a GDSID variable with a GDS length that is too small.
Vulnerability category: Input validation, Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2010-2090
Probability of exploitation activity in the next 30 days: 6.38%
Percentile, the proportion of vulnerabilities that are scored at or less: ~93%
CVSS scores for CVE-2010-2090
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST |
CWE ids for CVE-2010-2090
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-2090
- http://www-01.ibm.com/support/docview.wss?uid=swg1IZ68810
  IBM IZ68810: CRASH WHILE PROCESSING APPC DATA WITH INCORRECT LENGTH
- http://www.vupen.com/english/advisories/2010/1244
  Webmail | OVH- OVH (Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/58874
  IBM Communications Server for AIX APPC denial of service CVE-2010-2090 Vulnerability Report
- http://www-01.ibm.com/support/docview.wss?uid=swg1JR36026
  IBM JR36026: CRASH WHILE PROCESSING APPC DATA WITH INCORRECT LENGTH.
- http://www.securityfocus.com/bid/40372
  IBM Communications Server for AIX Remote Denial of Service Vulnerability
- http://www-01.ibm.com/support/docview.wss?uid=swg24013012
  Communications Server for AIX, Version 6.3 -- Last PTFs
Products affected by CVE-2010-2090
- cpe:2.3:a:ibm:communications_server:6.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:communications_server:6.3.1.0:*:*:*:*:*:*:*