CVE-2010-2800
First published: Mon Aug 02 2010(Updated: )
A deficiency has been reported in the way cabextract extracted certain Cabinet (*.cab) files, using the MZ-ZIP and Quantum decompressors. If a local user was tricked into opening a specially-crafted *.cab file, it could lead to infinite loop. References: [1] <a href="http://bugs.gentoo.org/show_bug.cgi?id=329891">http://bugs.gentoo.org/show_bug.cgi?id=329891</a> Upstream patches: [2] <a href="http://libmspack.svn.sourceforge.net/viewvc/libmspack?view=revision&revision=90">http://libmspack.svn.sourceforge.net/viewvc/libmspack?view=revision&revision=90</a> [3] <a href="http://libmspack.svn.sourceforge.net/viewvc/libmspack?view=revision&revision=95">http://libmspack.svn.sourceforge.net/viewvc/libmspack?view=revision&revision=95</a> [4] <a href="http://libmspack.svn.sourceforge.net/viewvc/libmspack/libmspack/trunk/mspack/">http://libmspack.svn.sourceforge.net/viewvc/libmspack/libmspack/trunk/mspack/</a>
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cabextract | <=1.2 | |
| Cabextract | =0.1 | |
| Cabextract | =0.2 | |
| Cabextract | =0.3 | |
| Cabextract | =0.4 | |
| Cabextract | =0.5 | |
| Cabextract | =0.6 | |
| Cabextract | =1.0 | |
| Cabextract | =1.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://marc.info/?l=oss-security&m=128077976522470&w=2
- https://bugzilla.redhat.com/show_bug.cgi?id=620450
- http://libmspack.svn.sourceforge.net/viewvc/libmspack?view=revision&revision=90
- http://marc.info/?l=oss-security&m=128076168623266&w=2
- http://libmspack.svn.sourceforge.net/viewvc/libmspack?view=revision&revision=95
- http://bugs.gentoo.org/show_bug.cgi?id=329891
- http://www.vupen.com/english/advisories/2010/1903
- http://www.cabextract.org.uk/#changes
- http://libmspack.svn.sourceforge.net/viewvc/libmspack/libmspack/trunk/mspack/
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=620457
- https://access.redhat.com/security/cve/CVE-2010-2800
Frequently Asked Questions
What is the severity of CVE-2010-2800?
CVE-2010-2800 is considered a vulnerability that can lead to an infinite loop in cabextract when processing specially-crafted CAB files.
How do I fix CVE-2010-2800?
To fix CVE-2010-2800, update cabextract to version 1.3 or newer where this vulnerability has been addressed.
Which versions of cabextract are affected by CVE-2010-2800?
CVE-2010-2800 affects cabextract versions up to and including 1.2, as well as earlier versions like 0.1 through 1.1.
What impact does CVE-2010-2800 have on systems?
The impact of CVE-2010-2800 can result in a denial of service condition if a user is tricked into opening a malicious CAB file.
Who is at risk from CVE-2010-2800?
Any local user who interacts with compromised CAB files while using impacted versions of cabextract is at risk of CVE-2010-2800.
- collector/redhat-bugzilla
- alias/CVE-2010-2800
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/remedy
- agent/event
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/description
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- agent/softwarecombine
- vendor/cabextract project
- canonical/cabextract
- version/cabextract/1.2
- version/cabextract/0.1
- version/cabextract/0.2
- version/cabextract/0.3
- version/cabextract/0.4
- version/cabextract/0.5
- version/cabextract/0.6
- version/cabextract/1.0
- version/cabextract/1.1