CVE-2010-0205

The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a "decompression bomb" attack.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://libpng.sourceforge.net/ADVISORY-1.4.1.html	Third Party Advisory
http://libpng.sourceforge.net/decompression_bombs.html	Third Party Advisory
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html	Mailing List Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037237.html	Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037355.html	Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037364.html	Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037607.html	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html	Mailing List
http://lists.vmware.com/pipermail/security-announce/2010/000105.html	Third Party Advisory
http://osvdb.org/62670	Broken Link
http://secunia.com/advisories/38774	Third Party Advisory
http://secunia.com/advisories/39251	Third Party Advisory
http://secunia.com/advisories/41574	Third Party Advisory
http://support.apple.com/kb/HT4435	Broken Link
http://ubuntu.com/usn/usn-913-1	Third Party Advisory
http://www.debian.org/security/2010/dsa-2032	Third Party Advisory
http://www.kb.cert.org/vuls/id/576029	Third Party Advisory US Government Resource
http://www.mandriva.com/security/advisories?name=MDVSA-2010:063	Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2010:064	Third Party Advisory
http://www.securityfocus.com/bid/38478	Patch Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1023674	Third Party Advisory VDB Entry
http://www.vmware.com/security/advisories/VMSA-2010-0014.html	Third Party Advisory
http://www.vupen.com/english/advisories/2010/0517	Third Party Advisory
http://www.vupen.com/english/advisories/2010/0605	Third Party Advisory
http://www.vupen.com/english/advisories/2010/0626	Third Party Advisory
http://www.vupen.com/english/advisories/2010/0637	Third Party Advisory
http://www.vupen.com/english/advisories/2010/0667	Third Party Advisory
http://www.vupen.com/english/advisories/2010/0682	Third Party Advisory
http://www.vupen.com/english/advisories/2010/0686	Third Party Advisory
http://www.vupen.com/english/advisories/2010/0847	Third Party Advisory
http://www.vupen.com/english/advisories/2010/1107	Third Party Advisory
http://www.vupen.com/english/advisories/2010/2491	Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/56661	Third Party Advisory VDB Entry
http://libpng.sourceforge.net/ADVISORY-1.4.1.html	Third Party Advisory
http://libpng.sourceforge.net/decompression_bombs.html	Third Party Advisory
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html	Mailing List Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037237.html	Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037355.html	Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037364.html	Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037607.html	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html	Mailing List
http://lists.vmware.com/pipermail/security-announce/2010/000105.html	Third Party Advisory
http://osvdb.org/62670	Broken Link
http://secunia.com/advisories/38774	Third Party Advisory
http://secunia.com/advisories/39251	Third Party Advisory
http://secunia.com/advisories/41574	Third Party Advisory
http://support.apple.com/kb/HT4435	Broken Link
http://ubuntu.com/usn/usn-913-1	Third Party Advisory
http://www.debian.org/security/2010/dsa-2032	Third Party Advisory
http://www.kb.cert.org/vuls/id/576029	Third Party Advisory US Government Resource
http://www.mandriva.com/security/advisories?name=MDVSA-2010:063	Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2010:064	Third Party Advisory
http://www.securityfocus.com/bid/38478	Patch Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1023674	Third Party Advisory VDB Entry
http://www.vmware.com/security/advisories/VMSA-2010-0014.html	Third Party Advisory
http://www.vupen.com/english/advisories/2010/0517	Third Party Advisory
http://www.vupen.com/english/advisories/2010/0605	Third Party Advisory
http://www.vupen.com/english/advisories/2010/0626	Third Party Advisory
http://www.vupen.com/english/advisories/2010/0637	Third Party Advisory
http://www.vupen.com/english/advisories/2010/0667	Third Party Advisory
http://www.vupen.com/english/advisories/2010/0682	Third Party Advisory
http://www.vupen.com/english/advisories/2010/0686	Third Party Advisory
http://www.vupen.com/english/advisories/2010/0847	Third Party Advisory
http://www.vupen.com/english/advisories/2010/1107	Third Party Advisory
http://www.vupen.com/english/advisories/2010/2491	Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/56661	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:libpng:libpng::::::::
	cpe:2.3:a:libpng:libpng::::::::
	cpe:2.3:a:libpng:libpng::::::::

Configuration 2 (hide)

cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

Configuration 3 (hide)

OR	cpe:2.3:o:fedoraproject:fedora:11:::::::*
	cpe:2.3:o:fedoraproject:fedora:12:::::::*
	cpe:2.3:o:fedoraproject:fedora:13:::::::*

Configuration 4 (hide)

OR	cpe:2.3:o:opensuse:opensuse:11.0:::::::*
	cpe:2.3:o:opensuse:opensuse:11.1:::::::*
	cpe:2.3:o:opensuse:opensuse:11.2:::::::*
	cpe:2.3:o:suse:linux_enterprise_server:9:::::::*
	cpe:2.3:o:suse:linux_enterprise_server:10:sp3::::::
	cpe:2.3:o:suse:linux_enterprise_server:11:-::::::
	cpe:2.3:o:suse:linux_enterprise_server:11:sp1::::::

Configuration 5 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:6.06:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:8.04::::-:::
	cpe:2.3:o:canonical:ubuntu_linux:8.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:9.04:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:9.10:::::::*

Configuration 6 (hide)

OR	cpe:2.3:o:debian:debian_linux:5.0:::::::*
	cpe:2.3:o:debian:debian_linux:6.0:::::::*

History

21 Nov 2024, 01:11

Information

Published : 2010-03-03 19:30

Updated : 2025-04-11 00:51

NVD link : CVE-2010-0205

Mitre link : CVE-2010-0205

CVE.ORG link : CVE-2010-0205

JSON object : View

Products Affected

debian

debian_linux

suse

linux_enterprise_server

apple

mac_os_x

opensuse

opensuse

canonical

ubuntu_linux

fedoraproject

fedora

libpng

libpng

CWE

CWE-400

Uncontrolled Resource Consumption

{"id": "CVE-2010-0205", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2010-03-03T19:30:00.493", "references": [{"url": "http://libpng.sourceforge.net/ADVISORY-1.4.1.html", "tags": ["Third Party Advisory"], "source": "cret@cert.org"}, {"url": "http://libpng.sourceforge.net/decompression_bombs.html", "tags": ["Third Party Advisory"], "source": "cret@cert.org"}, {"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "cret@cert.org"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037237.html", "tags": ["Third Party Advisory"], "source": "cret@cert.org"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037355.html", "tags": ["Third Party Advisory"], "source": "cret@cert.org"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037364.html", "tags": ["Third Party Advisory"], "source": "cret@cert.org"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037607.html", "tags": ["Third Party Advisory"], "source": "cret@cert.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "cret@cert.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "cret@cert.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html", "tags": ["Mailing List"], "source": "cret@cert.org"}, {"url": "http://lists.vmware.com/pipermail/security-announce/2010/000105.html", "tags": ["Third Party Advisory"], "source": "cret@cert.org"}, {"url": "http://osvdb.org/62670", "tags": ["Broken Link"], "source": "cret@cert.org"}, {"url": "http://secunia.com/advisories/38774", "tags": ["Third Party Advisory"], "source": "cret@cert.org"}, {"url": "http://secunia.com/advisories/39251", "tags": ["Third Party Advisory"], "source": "cret@cert.org"}, {"url": "http://secunia.com/advisories/41574", "tags": ["Third Party Advisory"], "source": "cret@cert.org"}, {"url": "http://support.apple.com/kb/HT4435", "tags": ["Broken Link"], "source": "cret@cert.org"}, {"url": "http://ubuntu.com/usn/usn-913-1", "tags": ["Third Party Advisory"], "source": "cret@cert.org"}, {"url": "http://www.debian.org/security/2010/dsa-2032", "tags": ["Third Party Advisory"], "source": "cret@cert.org"}, {"url": "http://www.kb.cert.org/vuls/id/576029", "tags": ["Third Party Advisory", "US Government Resource"], "source": "cret@cert.org"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:063", "tags": ["Third Party Advisory"], "source": "cret@cert.org"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:064", "tags": ["Third Party Advisory"], "source": "cret@cert.org"}, {"url": "http://www.securityfocus.com/bid/38478", "tags": ["Patch", "Third Party Advisory", "VDB Entry"], "source": "cret@cert.org"}, {"url": "http://www.securitytracker.com/id?1023674", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cret@cert.org"}, {"url": "http://www.vmware.com/security/advisories/VMSA-2010-0014.html", "tags": ["Third Party Advisory"], "source": "cret@cert.org"}, {"url": "http://www.vupen.com/english/advisories/2010/0517", "tags": ["Third Party Advisory"], "source": "cret@cert.org"}, {"url": "http://www.vupen.com/english/advisories/2010/0605", "tags": ["Third Party Advisory"], "source": "cret@cert.org"}, {"url": "http://www.vupen.com/english/advisories/2010/0626", "tags": ["Third Party Advisory"], "source": "cret@cert.org"}, {"url": "http://www.vupen.com/english/advisories/2010/0637", "tags": ["Third Party Advisory"], "source": "cret@cert.org"}, {"url": "http://www.vupen.com/english/advisories/2010/0667", "tags": ["Third Party Advisory"], "source": "cret@cert.org"}, {"url": "http://www.vupen.com/english/advisories/2010/0682", "tags": ["Third Party Advisory"], "source": "cret@cert.org"}, {"url": "http://www.vupen.com/english/advisories/2010/0686", "tags": ["Third Party Advisory"], "source": "cret@cert.org"}, {"url": "http://www.vupen.com/english/advisories/2010/0847", "tags": ["Third Party Advisory"], "source": "cret@cert.org"}, {"url": "http://www.vupen.com/english/advisories/2010/1107", "tags": ["Third Party Advisory"], "source": "cret@cert.org"}, {"url": "http://www.vupen.com/english/advisories/2010/2491", "tags": ["Third Party Advisory"], "source": "cret@cert.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56661", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cret@cert.org"}, {"url": "http://libpng.sourceforge.net/ADVISORY-1.4.1.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://libpng.sourceforge.net/decompression_bombs.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037237.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037355.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037364.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037607.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html", "tags": ["Mailing List"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.vmware.com/pipermail/security-announce/2010/000105.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://osvdb.org/62670", "tags": ["Broken Link"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/38774", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/39251", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/41574", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://support.apple.com/kb/HT4435", "tags": ["Broken Link"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://ubuntu.com/usn/usn-913-1", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.debian.org/security/2010/dsa-2032", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.kb.cert.org/vuls/id/576029", "tags": ["Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:063", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:064", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/38478", "tags": ["Patch", "Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id?1023674", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vmware.com/security/advisories/VMSA-2010-0014.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2010/0517", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2010/0605", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2010/0626", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2010/0637", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2010/0667", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2010/0682", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2010/0686", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2010/0847", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2010/1107", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2010/2491", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56661", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a \"decompression bomb\" attack."}, {"lang": "es", "value": "La funci\u00f3n png_decompress_chunk en pngrutil.c en libpng 1.0.x en versiones anteriores a la 1.0.53, 1.2.x en versiones anteriores a la 1.2.43 y1.4.x en versiones anteriores a la 1.4.1 no maneja adecuadamente los datos fragmentados auxiliares comprimidos que tienen una representaci\u00f3n descomprimida desproporcionada, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de la CPU y de la memoria y cuelgue de la aplicaci\u00f3n) mediante un fichero PNG manipulado, como ha quedado demostrado por el uso del m\u00e9todo de decompresi\u00f3n con datos con muchas ocurrencias del mismo caracter, en relaci\u00f3n con un ataque \"decompression bomb\" (bomba de descompresi\u00f3n)."}], "lastModified": "2025-04-11T00:51:21.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3110AADE-22CC-4BF0-A45B-4884DC412622", "versionEndExcluding": "1.0.53", "versionStartIncluding": "1.0.0"}, {"criteria": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "376224B7-C526-4A78-95A4-034BD437E52B", "versionEndExcluding": "1.2.43", "versionStartIncluding": "1.2.0"}, {"criteria": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9CE8989E-12D3-4C9E-9BE3-D992533152F3", "versionEndExcluding": "1.4.1", "versionStartIncluding": "1.4.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "46E5D24A-8CA0-4590-9F35-F684D573D030", "versionEndExcluding": "10.6.5"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B3BB5EDB-520B-4DEF-B06E-65CA13152824"}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E44669D7-6C1E-4844-B78A-73E253A7CC17"}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A2D59BD0-43DE-4E58-A057-640AB98359A6"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1B42AB65-443B-4655-BAEA-4EB4A43D9509"}, {"criteria": "cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FBF7B6A8-3DF9-46EC-A90E-6EF68C39F883"}, {"criteria": "cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A01C8B7E-EB19-40EA-B1D2-9AE5EA536C95"}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4CD2D897-E321-4CED-92E0-11A98B52053C"}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "25CBACD3-AFB7-410D-927F-0C1FF477D396"}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F13F07CC-739B-465C-9184-0E9D708BD4C7"}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE26596F-F10E-44EF-88CA-0080646E91B9"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "7EBFE35C-E243-43D1-883D-4398D71763CC"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4747CC68-FAF4-482F-929A-9DA6C24CB663"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A5D026D0-EF78-438D-BEDD-FC8571F3ACEB"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A2BCB73E-27BB-4878-AD9C-90C4F20C25A0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639"}, {"criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244"}], "operator": "OR"}]}], "vendorComments": [{"comment": "This issue has been addressed in Red Hat Enterprise Linux 3, 4, and 5 via https://rhn.redhat.com/errata/RHSA-2010-0534.html.", "lastModified": "2010-07-14T00:00:00", "organization": "Red Hat"}], "sourceIdentifier": "cret@cert.org"}

4.3 /10