CVE-2010-2800 : The MS-ZIP decompressor in cabextract before 1.3 allows remote attackers to cause a denial of service (infinite loop) vi

The MS-ZIP decompressor in cabextract before 1.3 allows remote attackers to cause a denial of service (infinite loop) via a malformed MSZIP archive in a .cab file during a (1) test or (2) extract action, related to the libmspack library.

Published 2010-08-09 11:58:17

Updated 2021-04-26 11:45:36

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: Denial of service

Exploit prediction scoring system (EPSS) score for CVE-2010-2800

Probability of exploitation activity in the next 30 days: 3.20%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 90 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2010-2800

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:N/A:P	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial

CWE ids for CVE-2010-2800

CWE-399

Assigned by: nvd@nist.gov (Primary)

References for CVE-2010-2800

http://bugs.gentoo.org/show_bug.cgi?id=329891

329891 – <app-arch/cabextract-1.3: Infinite loop in MS-ZIP decoder (CVE-2010-{2800,2801})

CVEs referencing this url
https://bugzilla.redhat.com/show_bug.cgi?id=620450

620450 – (CVE-2010-2800) CVE-2010-2800 cabextract: Infinite loop in MS-ZIP and Quantum decoders
http://www.vupen.com/english/advisories/2010/1903

Webmail | OVH- OVH
Patch;Vendor Advisory

CVEs referencing this url
http://libmspack.svn.sourceforge.net/viewvc/libmspack?view=revision&revision=90

404 Not Found
Patch
http://www.cabextract.org.uk/#changes

cabextract
Patch

CVEs referencing this url
http://marc.info/?l=oss-security&m=128077976522470&w=2

'Re: [oss-security] CVE Request [two ids] -- cabextract -- 1,' - MARC

CVEs referencing this url
http://marc.info/?l=oss-security&m=128076168623266&w=2

'[oss-security] CVE Request [two ids] -- cabextract -- 1, Infinite loop in MS-ZIP' - MARC

CVEs referencing this url
http://libmspack.svn.sourceforge.net/viewvc/libmspack?view=revision&revision=95

404 Not Found
Patch

Products affected by CVE-2010-2800

Cabextract Project » Cabextract
Versions up to, including, (<=) 1.2
cpe:2.3:a:cabextract_project:cabextract:*:*:*:*:*:*:*:*
Matching versions
Cabextract Project » Cabextract » Version: 0.2
cpe:2.3:a:cabextract_project:cabextract:0.2:*:*:*:*:*:*:*
Matching versions
Cabextract Project » Cabextract » Version: 0.6
cpe:2.3:a:cabextract_project:cabextract:0.6:*:*:*:*:*:*:*
Matching versions
Cabextract Project » Cabextract » Version: 1.0
cpe:2.3:a:cabextract_project:cabextract:1.0:*:*:*:*:*:*:*
Matching versions
Cabextract Project » Cabextract » Version: 0.4
cpe:2.3:a:cabextract_project:cabextract:0.4:*:*:*:*:*:*:*
Matching versions
Cabextract Project » Cabextract » Version: 1.1
cpe:2.3:a:cabextract_project:cabextract:1.1:*:*:*:*:*:*:*
Matching versions
Cabextract Project » Cabextract » Version: 0.5
cpe:2.3:a:cabextract_project:cabextract:0.5:*:*:*:*:*:*:*
Matching versions
Cabextract Project » Cabextract » Version: 0.3
cpe:2.3:a:cabextract_project:cabextract:0.3:*:*:*:*:*:*:*
Matching versions
Cabextract Project » Cabextract » Version: 0.1
cpe:2.3:a:cabextract_project:cabextract:0.1:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2010-2800

Exploit prediction scoring system (EPSS) score for CVE-2010-2800

CVSS scores for CVE-2010-2800

CWE ids for CVE-2010-2800

References for CVE-2010-2800

Products affected by CVE-2010-2800