CVE-2010-1938
FreeBSD < 2.4.1 - Numeric Error
Title source: ruleDescription
Off-by-one error in the __opiereadrec function in readrec.c in libopie in OPIE 2.4.1-test1 and earlier, as used on FreeBSD 6.4 through 8.1-PRERELEASE and other platforms, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long username, as demonstrated by a long USER command to the FreeBSD 8.0 ftpd.
Exploits (2)
exploitdb · WORKING POC · VERIFIED
by Maksymilian Arciemowicz · text · dos · freebsd
https://www.exploit-db.com/exploits/12762
References (14)
Scores
EPSS: 0.3954
EPSS Percentile: 97.3%
Details
CWE: CWE-189
Status: published
Products (19)
freebsd/freebsd: 6 stable
freebsd/freebsd: 6.4 (7 CPE variants)
freebsd/freebsd: 7.0 (10 CPE variants)
freebsd/freebsd: 7.0-release
freebsd/freebsd: 7.0_beta4
freebsd/freebsd: 7.0_releng
freebsd/freebsd: 7.1 (9 CPE variants)
freebsd/freebsd: 7.2 (3 CPE variants)
freebsd/freebsd: 8.0
freebsd/freebsd: 8.1-prerelease
... and 9 more
Published: May 28, 2010
Tracked Since: Feb 18, 2026