CVE-2010-2801 - OpenCVE

Integer signedness error in the Quantum decompressor in cabextract before 1.3, when archive test mode is used, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Quantum archive in a .cab file, related to the libmspack library.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:H/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Cabextract Project	Cabextract

Configuration 1 [-]

OR	cpe:2.3:a:cabextract_project:cabextract::::::::
	cpe:2.3:a:cabextract_project:cabextract:0.1:::::::*
	cpe:2.3:a:cabextract_project:cabextract:0.2:::::::*
	cpe:2.3:a:cabextract_project:cabextract:0.3:::::::*
	cpe:2.3:a:cabextract_project:cabextract:0.4:::::::*
	cpe:2.3:a:cabextract_project:cabextract:0.5:::::::*
	cpe:2.3:a:cabextract_project:cabextract:0.6:::::::*
	cpe:2.3:a:cabextract_project:cabextract:1.0:::::::*
	cpe:2.3:a:cabextract_project:cabextract:1.1:::::::*

References

Link	Resource
http://bugs.gentoo.org/show_bug.cgi?id=329891
http://libmspack.svn.sourceforge.net/viewvc/libmspack/libmspack/trunk/mspack/qtmd.c?r1=114&r2=113	Patch
http://libmspack.svn.sourceforge.net/viewvc/libmspack?view=revision&revision=118	Patch
http://marc.info/?l=oss-security&m=128076168623266&w=2
http://marc.info/?l=oss-security&m=128077976522470&w=2
http://www.cabextract.org.uk/#changes	Patch
http://www.debian.org/security/2010/dsa-2087
http://www.securityfocus.com/bid/42173
http://www.vupen.com/english/advisories/2010/1903	Patch Vendor Advisory
http://www.vupen.com/english/advisories/2010/1997	Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=620454
https://exchange.xforce.ibmcloud.com/vulnerabilities/60891

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2010-08-06T19:31:00

Updated: 2017-08-16T14:57:01

Reserved: 2010-07-22T00:00:00

Link: CVE-2010-2801

JSON object: View

NVD Information

Status : Modified

Published: 2010-08-09T11:58:17.487

Modified: 2021-04-26T11:45:35.940

Link: CVE-2010-2801

JSON object: View

Redhat Information

No data.

CWE

CWE-189

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-07-23T00:00:00", "descriptions": [{"lang": "en", "value": "Integer signedness error in the Quantum decompressor in cabextract before 1.3, when archive test mode is used, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Quantum archive in a .cab file, related to the libmspack library."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "ADV-2010-1903", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/1903"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://libmspack.svn.sourceforge.net/viewvc/libmspack?view=revision&revision=118"}, {"name": "[oss-security] 20100802 CVE Request [two ids] -- cabextract -- 1, Infinite loop in MS-ZIP and Quantum decoders (minor) 2, Integer wrap-around (crash) by processing certain *.cab files in test archive mode", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://marc.info/?l=oss-security&m=128076168623266&w=2"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://libmspack.svn.sourceforge.net/viewvc/libmspack/libmspack/trunk/mspack/qtmd.c?r1=114&r2=113"}, {"name": "[oss-security] 20100802 Re: CVE Request [two ids] -- cabextract -- 1, Infinite loop in MS-ZIP and Quantum decoders (minor) 2, Integer wrap-around (crash) by processing certain *.cab files in test archive mode", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://marc.info/?l=oss-security&m=128077976522470&w=2"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.cabextract.org.uk/#changes"}, {"name": "DSA-2087", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2010/dsa-2087"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=329891"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=620454"}, {"name": "ADV-2010-1997", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/1997"}, {"name": "cabextract-archive-code-execution(60891)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60891"}, {"name": "42173", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/42173"}]}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-2801", "datePublished": "2010-08-06T19:31:00", "dateReserved": "2010-07-22T00:00:00", "dateUpdated": "2017-08-16T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cabextract_project:cabextract:*:*:*:*:*:*:*:*", "matchCriteriaId": "33B40EA4-BB4F-4A35-973F-BA856014B2F1", "versionEndIncluding": "1.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:cabextract_project:cabextract:0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7D7B9CCF-67F3-4DC5-9362-09EE3D0FD87F", "vulnerable": true}, {"criteria": "cpe:2.3:a:cabextract_project:cabextract:0.2:*:*:*:*:*:*:*", "matchCriteriaId": "924128C3-DE58-4B6A-A497-59B5D3D311DE", "vulnerable": true}, {"criteria": "cpe:2.3:a:cabextract_project:cabextract:0.3:*:*:*:*:*:*:*", "matchCriteriaId": "24D2543F-BE6B-46FB-93E0-C0F9DEC4490D", "vulnerable": true}, {"criteria": "cpe:2.3:a:cabextract_project:cabextract:0.4:*:*:*:*:*:*:*", "matchCriteriaId": "4B596E7E-F51E-4DFF-A81F-21E4C3C81F63", "vulnerable": true}, {"criteria": "cpe:2.3:a:cabextract_project:cabextract:0.5:*:*:*:*:*:*:*", "matchCriteriaId": "63BDBB7A-673E-412B-BE69-05672AA3050D", "vulnerable": true}, {"criteria": "cpe:2.3:a:cabextract_project:cabextract:0.6:*:*:*:*:*:*:*", "matchCriteriaId": "8D5EC4F7-C88D-4DBA-A371-58DF4E6344A7", "vulnerable": true}, {"criteria": "cpe:2.3:a:cabextract_project:cabextract:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "670769A1-4133-4834-94E0-BF5F3EF2FFF5", "vulnerable": true}, {"criteria": "cpe:2.3:a:cabextract_project:cabextract:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "FDBD05D3-31A4-4079-A9E2-2B7EF6403624", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Integer signedness error in the Quantum decompressor in cabextract before 1.3, when archive test mode is used, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Quantum archive in a .cab file, related to the libmspack library."}, {"lang": "es", "value": "Error de presencia de signo en el decompresor Quantum en cabextract anteriores a v1.3, cuando est\u00e1 activado el modo test, permite a atacantes remotos asistidos por usuarios, provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) o posiblemente ejecuci\u00f3n de c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un fichero Quatum modificado en un fichero .cab, relativo a la biblioteca libmspack.\r\n"}], "id": "CVE-2010-2801", "lastModified": "2021-04-26T11:45:35.940", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2010-08-09T11:58:17.487", "references": [{"source": "secalert@redhat.com", "url": "http://bugs.gentoo.org/show_bug.cgi?id=329891"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://libmspack.svn.sourceforge.net/viewvc/libmspack/libmspack/trunk/mspack/qtmd.c?r1=114&r2=113"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://libmspack.svn.sourceforge.net/viewvc/libmspack?view=revision&revision=118"}, {"source": "secalert@redhat.com", "url": "http://marc.info/?l=oss-security&m=128076168623266&w=2"}, {"source": "secalert@redhat.com", "url": "http://marc.info/?l=oss-security&m=128077976522470&w=2"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://www.cabextract.org.uk/#changes"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2010/dsa-2087"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/42173"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2010/1903"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2010/1997"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=620454"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60891"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-189"}], "source": "nvd@nist.gov", "type": "Primary"}]}