PT-2010-1033 · Libsmi+1 · Libsmi+1

Andrés López Luksenberg

·

Published

2010-10-27

·

Updated

2024-06-15

·

CVE-2010-2891

CVSS v2.0

7.5

High

VectorAV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions libsmi versions prior to 0.4.8
Description The issue affects the libsmi package, potentially leading to breaches of confidentiality, integrity, and availability of protected information. It can be exploited remotely. The problem is caused by a buffer overflow in the smiGetNode function, allowing attackers to execute arbitrary code via a specially crafted Object Identifier.
Recommendations For versions prior to 0.4.8, update to version 0.4.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the smiGetNode function until a patch is available.

Exploit

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

ALT-PU-2019-2569
ALT-PU-2019-2576
AZL-34938
AZL-6647
AZL-7272
BDU:2015-03137
BDU:2015-09693
CVE-2010-2891
DSA-2145-1
OPENSUSE-SU-2024:10266-1

Affected Products

Alt Linux
Libsmi