CVE-2010-3014
Severity CVSS v4.0:
Pending analysis
Type:
CWE-200
Information Leak / Disclosure
Publication date:
20/08/2010
Last modified:
11/04/2025
Description
The Coda filesystem kernel module, as used in NetBSD and FreeBSD, when Coda is loaded and Venus is running with /coda mounted, allows local users to read sensitive heap memory via a large out_size value in a ViceIoctl struct to a Coda ioctl, which triggers a buffer over-read.
Impact
Base Score 2.0
1.20
Severity 2.0
LOW
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:* | ||
| cpe:2.3:o:netbsd:netbsd:*:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/coda/coda.h.diff?r1=1.15&r2=1.16&only_with_tag=MAIN
- http://svn.freebsd.org/viewvc/base?view=revision&revision=210997
- http://www.securityfocus.com/archive/1/513151/100/0/threaded
- http://www.vsecurity.com/resources/advisory/20100816-1/
- http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/coda/coda.h.diff?r1=1.15&r2=1.16&only_with_tag=MAIN
- http://svn.freebsd.org/viewvc/base?view=revision&revision=210997
- http://www.securityfocus.com/archive/1/513151/100/0/threaded
- http://www.vsecurity.com/resources/advisory/20100816-1/