VDB
CVE-2010-3302
CVE-2010-3302
PUBLISHED
CVSS 6.5 MEDIUM
Buffer overflow in programs/pluto/xauth.c in the client in Openswan 2.6.25 through 2.6.28 might allow remote authenticated gateways to execute arbitrary code or cause a denial of service via long (1) cisco_dns_info or (2) cisco_domain_info data in a packet.
EPSS 6.11% · 90.9th percentile
Risk Scores
CVSS 2.0
6.5
EPSS Score
6.11%
90.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | * |
| xelerance | openswan | 2.6.25, 2.6.26, 2.6.27 |
Timeline
- Oct 5, 2010 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Feb 3, 2023 EPSS Score
- Feb 9, 2023 EPSS Score
- Feb 13, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
References
- 41769 third-party-advisory
- ADV-2010-2526 vdb
- http://www.openswan.org/download/CVE-2010-3302/CVE-2010-3302.txt url
- 43588 vdb
- RHSA-2010:0892 vendor-advisory
- 1024749 vdb
- http://www.openswan.org/download/CVE-2010-3308/openswan-2.6.26-2.6.28-CVE-2010-330x.patch url
- http://www.openswan.org/download/CVE-2010-3302/openswan-2.6.25-CVE-2010-3302.patch url
- FEDORA-2010-15508 vendor-advisory
- FEDORA-2010-15381 vendor-advisory
- FEDORA-2010-15516 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2010-3302 advisory
- https://access.redhat.com/errata/RHSA-2010:0892 url
- https://access.redhat.com/security/cve/CVE-2010-3302 url
- https://bugzilla.redhat.com/show_bug.cgi?id=634264 url