{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Certain run-time memory protection mechanisms in the GNU C Library (aka glibc or libc6) print argv[0] and backtrace information, which might allow context-dependent attackers to obtain sensitive information from process memory by executing an incorrect program, as demonstrated by a setuid program that contains a stack-based buffer overflow error, related to the __fortify_fail function in debug/fortify_fail.c, and the __stack_chk_fail (aka stack protection) and __chk_fail (aka FORTIFY_SOURCE) implementations."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2010-10-12T21:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "[oss-security] 20100902 Re: CVE id request: libc fortify source information disclosure", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2010/09/02/3"}, {"name": "[oss-security] 20100902 Re: CVE id request: libc fortify source information disclosure", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2010/09/02/5"}, {"name": "20100427 Fun with FORTIFY_SOURCE", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2010/Apr/399"}, {"name": "[oss-security] 20100902 Re: CVE id request: libc fortify source information disclosure", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2010/09/02/2"}, {"name": "[oss-security] 20100831 Re: CVE id request: libc fortify source information disclosure", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2010/08/31/7"}, {"name": "[oss-security] 20100902 Re: CVE id request: libc fortify source information disclosure", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2010/09/02/4"}, {"name": "[oss-security] 20100831 Re: CVE id request: libc fortify source information disclosure", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2010/08/31/6"}, {"name": "[oss-security] 20100825 CVE id request: libc fortify source information disclosure", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2010/08/25/8"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-3192", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Certain run-time memory protection mechanisms in the GNU C Library (aka glibc or libc6) print argv[0] and backtrace information, which might allow context-dependent attackers to obtain sensitive information from process memory by executing an incorrect program, as demonstrated by a setuid program that contains a stack-based buffer overflow error, related to the __fortify_fail function in debug/fortify_fail.c, and the __stack_chk_fail (aka stack protection) and __chk_fail (aka FORTIFY_SOURCE) implementations."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[oss-security] 20100902 Re: CVE id request: libc fortify source information disclosure", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2010/09/02/3"}, {"name": "[oss-security] 20100902 Re: CVE id request: libc fortify source information disclosure", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2010/09/02/5"}, {"name": "20100427 Fun with FORTIFY_SOURCE", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2010/Apr/399"}, {"name": "[oss-security] 20100902 Re: CVE id request: libc fortify source information disclosure", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2010/09/02/2"}, {"name": "[oss-security] 20100831 Re: CVE id request: libc fortify source information disclosure", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2010/08/31/7"}, {"name": "[oss-security] 20100902 Re: CVE id request: libc fortify source information disclosure", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2010/09/02/4"}, {"name": "[oss-security] 20100831 Re: CVE id request: libc fortify source information disclosure", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2010/08/31/6"}, {"name": "[oss-security] 20100825 CVE id request: libc fortify source information disclosure", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2010/08/25/8"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T03:03:18.523Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20100902 Re: CVE id request: libc fortify source information disclosure", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2010/09/02/3"}, {"name": "[oss-security] 20100902 Re: CVE id request: libc fortify source information disclosure", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2010/09/02/5"}, {"name": "20100427 Fun with FORTIFY_SOURCE", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2010/Apr/399"}, {"name": "[oss-security] 20100902 Re: CVE id request: libc fortify source information disclosure", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2010/09/02/2"}, {"name": "[oss-security] 20100831 Re: CVE id request: libc fortify source information disclosure", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2010/08/31/7"}, {"name": "[oss-security] 20100902 Re: CVE id request: libc fortify source information disclosure", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2010/09/02/4"}, {"name": "[oss-security] 20100831 Re: CVE id request: libc fortify source information disclosure", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2010/08/31/6"}, {"name": "[oss-security] 20100825 CVE id request: libc fortify source information disclosure", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2010/08/25/8"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-3192", "datePublished": "2010-10-12T21:00:00Z", "dateReserved": "2010-08-31T00:00:00Z", "dateUpdated": "2024-09-16T16:17:25.715Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*", "matchCriteriaId": "D4B57CAA-FEDE-48A6-A22F-56CAEA79F200", "versionEndExcluding": "2.26", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Certain run-time memory protection mechanisms in the GNU C Library (aka glibc or libc6) print argv[0] and backtrace information, which might allow context-dependent attackers to obtain sensitive information from process memory by executing an incorrect program, as demonstrated by a setuid program that contains a stack-based buffer overflow error, related to the __fortify_fail function in debug/fortify_fail.c, and the __stack_chk_fail (aka stack protection) and __chk_fail (aka FORTIFY_SOURCE) implementations."}, {"lang": "es", "value": "Algunos mecanismos run-time de protecci\u00f3n de memoria en la Librer\u00eda C de GNU (tambi\u00e9n conocido como glibc o libc6) print argv[0] y backtrace information, lo cual permite a atacantes dependientes del contexto obtener informaci\u00f3n sensible de procesos de memoria mediante la ejecuci\u00f3n de un programa incorrecto, como el demostrado por un programa setuid que contiene un error de desbordamiento de b\u00fafer basado en pila, relacionado con la funci\u00f3n __fortify_fail en debug/fortify_fail.c, y las implementaciones __stack_chk_fail (tambi\u00e9n conocida como stack protection) y __chk_fail (tambi\u00e9n conocida como FORTIFY_SOURCE)."}], "id": "CVE-2010-3192", "lastModified": "2020-03-31T15:32:56.367", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-10-14T05:58:06.833", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2010/Apr/399"}, {"source": "cve@mitre.org", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2010/08/25/8"}, {"source": "cve@mitre.org", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2010/08/31/6"}, {"source": "cve@mitre.org", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2010/08/31/7"}, {"source": "cve@mitre.org", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2010/09/02/2"}, {"source": "cve@mitre.org", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2010/09/02/3"}, {"source": "cve@mitre.org", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2010/09/02/4"}, {"source": "cve@mitre.org", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2010/09/02/5"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "glibc: __fortify_fail may use corrupted memory when called from SSP callback", "id": "643396", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=643396"}, "csaw": false, "cvss": {"cvss_base_score": "2.1", "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "status": "draft"}, "details": ["Certain run-time memory protection mechanisms in the GNU C Library (aka glibc or libc6) print argv[0] and backtrace information, which might allow context-dependent attackers to obtain sensitive information from process memory by executing an incorrect program, as demonstrated by a setuid program that contains a stack-based buffer overflow error, related to the __fortify_fail function in debug/fortify_fail.c, and the __stack_chk_fail (aka stack protection) and __chk_fail (aka FORTIFY_SOURCE) implementations."], "name": "CVE-2010-3192", "public_date": "2010-04-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2010-3192\nhttps://nvd.nist.gov/vuln/detail/CVE-2010-3192"], "statement": "The Red Hat Security Response Team has rated this issue as having low security\nimpact. We do not currently plan to fix this flaw. If more information becomes available at a future date, we may revisit the issue.", "threat_severity": "Low"}