Strix
26.1K

CVE-2010-2530

UnknownEPSS 0.31%

Last modified

CVE-2010-2530 is a vulnerability of currently unknown severity. Multiple integer signedness errors in smb_subr.c in the netsmb module in the kernel in NetBSD 5.0.2 and earlier, FreeBSD, and Apple Mac OS X allow local users to cause a denial of service (panic) via a negative size value in a /dev/nsmb ioctl operation, as demonstrated by a (1) SMBIOC_LOOKUP or (2) SMBIOC_OPENSESSION ioctl call.. EPSS estimates a 0.31% chance of exploitation in the next 30 days.

Description

Multiple integer signedness errors in smb_subr.c in the netsmb module in the kernel in NetBSD 5.0.2 and earlier, FreeBSD, and Apple Mac OS X allow local users to cause a denial of service (panic) via a negative size value in a /dev/nsmb ioctl operation, as demonstrated by a (1) SMBIOC_LOOKUP or (2) SMBIOC_OPENSESSION ioctl call.

Metrics

EPSS Probability
0.31%

22.1th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersionsUpdate
NetbsdNetbsd<= 5.0.2
NetbsdNetbsd0.8
NetbsdNetbsd0.9
NetbsdNetbsd1.0
NetbsdNetbsd1.1
NetbsdNetbsd1.2
NetbsdNetbsd1.2.1
NetbsdNetbsd1.3
NetbsdNetbsd1.3.1
NetbsdNetbsd1.3.2
NetbsdNetbsd1.3.3
NetbsdNetbsd1.4
NetbsdNetbsd1.4.1
NetbsdNetbsd1.4.2
NetbsdNetbsd1.4.3
NetbsdNetbsd1.5
NetbsdNetbsd1.5.1
NetbsdNetbsd1.5.2
NetbsdNetbsd1.5.3
NetbsdNetbsd1.6
NetbsdNetbsd1.6.1
NetbsdNetbsd1.6.2
NetbsdNetbsd2.0
NetbsdNetbsd2.0.1
NetbsdNetbsd2.0.2
NetbsdNetbsd2.0.3
NetbsdNetbsd2.0.4
NetbsdNetbsd2.1
NetbsdNetbsd2.1.1
NetbsdNetbsd3.0
NetbsdNetbsd3.0.1
NetbsdNetbsd3.0.2
NetbsdNetbsd3.1
NetbsdNetbsd3.99.15
NetbsdNetbsd4.0Beta
NetbsdNetbsd4.0.1
NetbsdNetbsd5.0
NetbsdNetbsd5.0.1
AppleMac Os XAll versions
FreebsdFreebsdAll versions

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2010-2530?
Multiple integer signedness errors in smb_subr.c in the netsmb module in the kernel in NetBSD 5.0.2 and earlier, FreeBSD, and Apple Mac OS X allow local users to cause a denial of service (panic) via a negative size value in a /dev/nsmb ioctl operation, as demonstrated by a (1) SMBIOC_LOOKUP or (2) SMBIOC_OPENSESSION ioctl call.
How severe is CVE-2010-2530?
Severity scoring for CVE-2010-2530 is pending analysis. The EPSS model estimates a 0.31% probability of exploitation in the next 30 days.
How do I fix CVE-2010-2530?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2010-2530?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST