
CVE-2010-2725

Published: 05/08/2010 Updated: 05/08/2010
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

BarnOwl prior to 1.6.2 does not check the return code of calls to the (1) ZPending and (2) ZReceiveNotice functions in libzephyr, which allows remote malicious users to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors.

Vulnerable Product

barnowl barnowl 1.0.2

barnowl barnowl 1.0.1

barnowl barnowl 1.0.3

barnowl barnowl 1.0.2.1

barnowl barnowl 1.5

barnowl barnowl 1.0.4

barnowl barnowl 1.0.4.1

barnowl barnowl

barnowl barnowl 1.5.1

barnowl barnowl 1.3

barnowl barnowl 1.4

barnowl barnowl 1.1.1

barnowl barnowl 1.2

barnowl barnowl 1.6

barnowl barnowl 1.0.0

barnowl barnowl 1.2.1

barnowl barnowl 1.0.5

barnowl barnowl 1.1

Vendor Advisories

Debian Bug report logs - #593299 barnowl: CVE-2010-2725. Package: barnowl; Maintainer for barnowl is Sam Hartman <hartmans@debian.org>; Source for barnowl is src:barnowl. Reported by: Michael Gilbert <michaelsgilbert@gmail.com>; Date: Tue, 17 Aug 2010 01:33:02 UTC; Severity: serious; Tags: securit ...
It has been discovered that in barnowl, a curses-based instant-messaging client, the return codes of calls to the ZPending and ZReceiveNotice functions in libzephyr were not checked, allowing attackers to cause a denial of service (crash of the application), and possibly execute arbitrary code. For the stable distribution (lenny), this problem has ...