CVE-2010-2523 : Multiple buffer overflows in ha.c in the mipv6 daemon in UMIP 0.4 allow remote attackers to have an unspecified impact v

Multiple buffer overflows in ha.c in the mipv6 daemon in UMIP 0.4 allow remote attackers to have an unspecified impact via a crafted (1) ND_OPT_PREFIX_INFORMATION or (2) ND_OPT_HOME_AGENT_INFO packet.

Published 2010-07-13 17:30:04

Updated 2011-01-14 06:45:29

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: Overflow

Exploit prediction scoring system (EPSS) score for CVE-2010-2523

Probability of exploitation activity in the next 30 days: 3.07%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 90 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2010-2523

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2010-2523

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2010-2523

http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html

[security-announce] SUSE Security Summary Report: SUSE-SR:2010:019

CVEs referencing this url
http://marc.info/?l=oss-security&m=127859390815405&w=2

'[oss-security] Re: patch for remote buffer overflows and local message spoofing in mipv6 daemon' - MARC

CVEs referencing this url
http://www.openwall.com/lists/oss-security/2010/07/07/4

oss-security - Re: patch for remote buffer overflows and local message spoofing in mipv6 daemon

CVEs referencing this url
http://www.openwall.com/lists/oss-security/2010/07/09/1

oss-security - Re: patch for remote buffer overflows and local message spoofing in mipv6 daemon

CVEs referencing this url
http://www.securityfocus.com/bid/41522

Usagi Project mipv6-daemon ND Options Remote Buffer Overflow Vulnerability
http://marc.info/?l=oss-security&m=127850299910685&w=2

'Re: [oss-security] patch for remote buffer overflows and local' - MARC

CVEs referencing this url
http://www.openwall.com/lists/oss-security/2010/07/06/5

oss-security - patch for remote buffer overflows and local message spoofing in mipv6 daemon
Patch

CVEs referencing this url

Products affected by CVE-2010-2523

Linux-ipv6 » Umip » Version: 0.4
cpe:2.3:a:linux-ipv6:umip:0.4:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2010-2523

Exploit prediction scoring system (EPSS) score for CVE-2010-2523

CVSS scores for CVE-2010-2523

CWE ids for CVE-2010-2523

References for CVE-2010-2523

Products affected by CVE-2010-2523