Heap-based buffer overflow in the HX_split function in string.c in libHX before 3.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a string that is inconsistent with the expected number of fields.
| Version | Base score | Base severity | Vector |
|---|
| Hyperlink | Resource Type |
|---|
Heap-based buffer overflow in the HX_split function in string.c in libHX before 3.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a string that is inconsistent with the expected number of fields.
| Type | CWE ID | Description |
|---|---|---|
| text | N/A | n/a |
| Version | Base score | Base severity | Vector |
|---|
| CAPEC ID | Description |
|---|
| Event | Date |
|---|
| Hyperlink | Resource |
|---|---|
| http://www.securityfocus.com/bid/42592 | vdb-entry x_refsource_BID |
| http://www.mandriva.com/security/advisories?name=MDVSA-2010:165 | vendor-advisory x_refsource_MANDRIVA |
| http://www.vupen.com/english/advisories/2010/2232 | vdb-entry x_refsource_VUPEN |
| http://www.openwall.com/lists/oss-security/2010/08/20/5 | mailing-list x_refsource_MLIST |
| http://libhx.git.sourceforge.net/git/gitweb.cgi?p=libhx/libhx%3Ba=commit%3Bh=904a46f90dd3f046bfac0b64a5e813d7cd4fca59 | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2010/08/20/12 | mailing-list x_refsource_MLIST |
| http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html | vendor-advisory x_refsource_SUSE |
| https://bugzilla.redhat.com/show_bug.cgi?id=625866 | x_refsource_CONFIRM |
| Version | Base score | Base severity | Vector |
|---|
| CAPEC ID | Description |
|---|
| Event | Date |
|---|
| Hyperlink | Resource |
|---|---|
| http://www.securityfocus.com/bid/42592 | vdb-entry x_refsource_BID x_transferred |
| http://www.mandriva.com/security/advisories?name=MDVSA-2010:165 | vendor-advisory x_refsource_MANDRIVA x_transferred |
| http://www.vupen.com/english/advisories/2010/2232 | vdb-entry x_refsource_VUPEN x_transferred |
| http://www.openwall.com/lists/oss-security/2010/08/20/5 | mailing-list x_refsource_MLIST x_transferred |
| http://libhx.git.sourceforge.net/git/gitweb.cgi?p=libhx/libhx%3Ba=commit%3Bh=904a46f90dd3f046bfac0b64a5e813d7cd4fca59 | x_refsource_CONFIRM x_transferred |
| http://www.openwall.com/lists/oss-security/2010/08/20/12 | mailing-list x_refsource_MLIST x_transferred |
| http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html | vendor-advisory x_refsource_SUSE x_transferred |
| https://bugzilla.redhat.com/show_bug.cgi?id=625866 | x_refsource_CONFIRM x_transferred |
Heap-based buffer overflow in the HX_split function in string.c in libHX before 3.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a string that is inconsistent with the expected number of fields.
| Date Added | Due Date | Vulnerability Name | Required Action |
|---|---|---|---|
| N/A |
| Type | Version | Base score | Base severity | Vector |
|---|---|---|---|---|
| Primary | 2.0 | 10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |