Vulnerability Details: CVE-2010-3014
The Coda filesystem kernel module, as used in NetBSD and FreeBSD, when Coda is loaded and Venus is running with /coda mounted, allows local users to read sensitive heap memory via a large out_size value in a ViceIoctl struct to a Coda ioctl, which triggers a buffer over-read.
Vulnerability category: Information leak
Exploit prediction scoring system (EPSS) score for CVE-2010-3014
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~6%
CVSS scores for CVE-2010-3014
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
1.2 | LOW | AV:L/AC:H/Au:N/C:P/I:N/A:N | 1.9 | 2.9 | NIST |
CWE ids for CVE-2010-3014
- The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-3014
- http://svn.freebsd.org/viewvc/base?view=revision&revision=210997 ([base] Revision 210997; Patch)
- http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/coda/coda.h.diff?r1=1.15&r2=1.16&only_with_tag=MAIN (Patch)
- http://www.vsecurity.com/resources/advisory/20100816-1/ (VSR)
- http://www.securityfocus.com/archive/1/513151/100/0/threaded (SecurityFocus)
Products affected by CVE-2010-3014
- cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*
- cpe:2.3:o:netbsd:netbsd:*:*:*:*:*:*:*:*