CVE-2010-0830LowConfirmedExploit available
DEB
DEB
Debian Security Advisories (DSA)
DSAs are published by the Debian Security Team for issues affecting the stable distribution. The downstream tracker (security-tracker.debian.org) additionally maps every CVE to its package-level status across all supported suites.
Region
Intl.
Updates
1 ч
License
Public Domain
Advisories covering the Debian stable and oldstable releases. Ship notes include the exact .deb version that remediates each issue.
https://www.debian.org/security/ →Share link
Anyone with the link can open this vulnerability.
Integer signedness error in the elf_get_dynamic_info function in elf/dynamic-link.h in ld.so in the GNU C Library (aka glibc or libc6) 2.0.…
CVSS
3.7
Low
EPSS
0.06
p91
Published
2010-01-01
Updated
2010-01-01
Description
Integer signedness error in the elf_get_dynamic_info function in elf/dynamic-link.h in ld.so in the GNU C Library (aka glibc or libc6) 2.0.1 through 2.11.1, when the --verify option is used, allows user-assisted remote attackers to execute arbitrary code via a crafted ELF program with a negative value for a certain d_tag structure member in the ELF header.
Tags · CWE
CWE-189
CWE-189CategoryDraft
Numeric Errors
Weaknesses in this category are related to improper calculation or conversion of numbers.
https://cwe.mitre.org/data/definitions/189.html →Open in CWE collection →Affected products
Glibc
CVSS vector
AV:L/AC:H/Au:N/C:P/I:P/A:P
Timeline
2010-01-01
Published
2010-01-01
Updated
CVSS 3.1 breakdown
Attack Vector
AV: L
Local (L)
Attack Complexity
AC: H
High (H)
Authentication
Au: N
None (N)
Confidentiality Impact
C: P
Partial
Integrity Impact
I: P
Partial
Availability Impact
A: P
Partial
Exploit indicators
EPSS
0.063 · p91
Known exploited (KEV)
No
Known exploits — Сканер-ВС
15274
exploitdb · https://www.exploit-db.com/exploits/15274
15304
exploitdb · https://www.exploit-db.com/exploits/15304
17120
exploitdb · https://www.exploit-db.com/exploits/17120
18105
exploitdb · https://www.exploit-db.com/exploits/18105
31550
exploitdb · https://www.exploit-db.com/exploits/31550
33230
exploitdb · https://www.exploit-db.com/exploits/33230
36404
exploitdb · https://www.exploit-db.com/exploits/36404
44024
exploitdb · https://www.exploit-db.com/exploits/44024
44025
exploitdb · https://www.exploit-db.com/exploits/44025
CVE-2010-3847
github-poc · https://github.com/magisterquis/cve-2010-3847
Affected software
| Product | Vendor | Status |
|---|---|---|
| eglibc | Tracked | |
| glibc | Tracked | |
| glibc | Tracked | |
| glibc | Tracked | |
| glibc | Tracked | |
| glibc | * | Tracked |
Source databases
DEB
DEB
Debian Security Advisories (DSA)
DSAs are published by the Debian Security Team for issues affecting the stable distribution. The downstream tracker (security-tracker.debian.org) additionally maps every CVE to its package-level status across all supported suites.
Region
Intl.
Updates
1 ч
License
Public Domain
Advisories covering the Debian stable and oldstable releases. Ship notes include the exact .deb version that remediates each issue.
https://www.debian.org/security/ →CVE
CVE
National Vulnerability Database
NVD is the U.S. government repository of standards-based vulnerability management data, built on top of the MITRE CVE list. Every record includes CPE applicability statements, CVSS v2 and v3.x base scores, CWE mappings and cross-references to advisories.
Region
US
Updates
15 min
License
Public Domain
Comprehensive catalog of publicly disclosed vulnerabilities with CPE matches, CVSS scoring and reference URLs. De-facto standard for cross-vendor correlation.
https://nvd.nist.gov →RED
RED
Red Hat Security Advisories (RHSA)
Red Hat advisories are authoritative for RHEL-family systems: each record lists the exact package NEVRA fixed, the affected streams, and a Red Hat-assigned severity that may differ from NVD's. Many downstream projects (CentOS Stream, Rocky, Alma) follow these IDs.
Region
US
Updates
1 ч
License
CC BY-SA 4.0
Advisories for Red Hat Enterprise Linux, OpenShift, Ansible and other Red Hat products. Includes detailed backport tracking — critical for long-term-support distributions.
https://access.redhat.com/security/security-updates/ →UBU
UBU
Ubuntu Security Notices (USN)
USNs are authoritative for Ubuntu systems. The CVE Tracker links each vulnerability to its per-release status (needed, released, not-affected) and to the exact Launchpad bug where the fix is integrated.
Region
Intl.
Updates
1 ч
License
CC BY-SA 3.0
Security notices for Ubuntu LTS and interim releases, covering main, universe and (via Pro) ESM-extended packages.
https://ubuntu.com/security/notices →Related vulnerabilities
BDU:2015-01134BDU:2015-01135BDU:2015-01136BDU:2015-01137BDU:2015-01138BDU:2015-01139BDU:2015-01140BDU:2015-01141BDU:2015-01142BDU:2015-01143BDU:2015-01144BDU:2015-01145BDU:2015-01146BDU:2015-01147BDU:2015-01148BDU:2015-01149BDU:2015-01150BDU:2015-01151BDU:2015-01152BDU:2015-01153BDU:2015-01154BDU:2015-01155BDU:2015-01156BDU:2015-01157BDU:2015-01158BDU:2015-01159BDU:2015-01160BDU:2015-01161BDU:2015-01162BDU:2015-01163BDU:2015-01164BDU:2015-01165BDU:2015-01166BDU:2015-01167BDU:2015-01168BDU:2015-01169BDU:2015-01170BDU:2015-04440BDU:2015-04441BDU:2015-04442BDU:2015-04443BDU:2015-04444BDU:2015-04445BDU:2015-04446BDU:2015-04447BDU:2015-05982BDU:2015-05983BDU:2015-05984BDU:2015-05985BDU:2015-05986BDU:2015-05987BDU:2015-06020BDU:2015-08584BDU:2015-08585BDU:2015-08586BDU:2015-08587BDU:2015-08588BDU:2015-08589BDU:2015-09412BDU:2017-00284