CVE-2010-2759

medium

Description

Bugzilla 2.23.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2, when PostgreSQL is used, does not properly handle large integers in (1) bug and (2) attachment phrases, which allows remote authenticated users to cause a denial of service (bug invisibility) via a crafted comment.

References

https://bugzilla.redhat.com/show_bug.cgi?id=623423

https://bugzilla.mozilla.org/show_bug.cgi?id=583690

http://www.vupen.com/english/advisories/2010/2205

http://www.vupen.com/english/advisories/2010/2035

http://www.securityfocus.com/bid/42275

http://www.bugzilla.org/security/3.2.7/

http://secunia.com/advisories/41128

http://secunia.com/advisories/40892

http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046546.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046534.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046518.html

Details

Source: Mitre, NVD

Published: 2010-08-16

Updated: 2010-09-08

Risk Information

CVSS v2

Base Score: 4

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: Medium