CVE-2010-3085

The network-play implementation in Mednafen before 0.8.D might allow remote servers to execute arbitrary code via unspecified vectors, related to "stack manipulation" issues.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://sourceforge.net/news/?group_id=150840&id=287363
http://www.openwall.com/lists/oss-security/2010/09/09/8
http://www.openwall.com/lists/oss-security/2010/09/11/3
http://sourceforge.net/news/?group_id=150840&id=287363
http://www.openwall.com/lists/oss-security/2010/09/09/8
http://www.openwall.com/lists/oss-security/2010/09/11/3

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:david_shadoff:mednafen::::::::
	cpe:2.3:a:david_shadoff:mednafen:0.2.0:::::::*
	cpe:2.3:a:david_shadoff:mednafen:0.2.1:::::::*
	cpe:2.3:a:david_shadoff:mednafen:0.2.2:::::::*
	cpe:2.3:a:david_shadoff:mednafen:0.3.6:::::::*
	cpe:2.3:a:david_shadoff:mednafen:0.3.7:::::::*
	cpe:2.3:a:david_shadoff:mednafen:0.4.3:::::::*
	cpe:2.3:a:david_shadoff:mednafen:0.5.0:::::::*
	cpe:2.3:a:david_shadoff:mednafen:0.5.1:::::::*
	cpe:2.3:a:david_shadoff:mednafen:0.5.2:::::::*
	cpe:2.3:a:david_shadoff:mednafen:0.6.0:::::::*
	cpe:2.3:a:david_shadoff:mednafen:0.6.1:::::::*
	cpe:2.3:a:david_shadoff:mednafen:0.6.2:::::::*
	cpe:2.3:a:david_shadoff:mednafen:0.6.3:::::::*
	cpe:2.3:a:david_shadoff:mednafen:0.6.4:::::::*
	cpe:2.3:a:david_shadoff:mednafen:0.6.5:::::::*
	cpe:2.3:a:david_shadoff:mednafen:0.7.0:::::::*
	cpe:2.3:a:david_shadoff:mednafen:0.7.1:::::::*
	cpe:2.3:a:david_shadoff:mednafen:0.7.2:::::::*
	cpe:2.3:a:david_shadoff:mednafen:0.8.1:::::::*
	cpe:2.3:a:david_shadoff:mednafen:0.8.4:::::::*
	cpe:2.3:a:david_shadoff:mednafen:0.8.4:rc1::::::
	cpe:2.3:a:david_shadoff:mednafen:0.8.4:rc2::::::
	cpe:2.3:a:david_shadoff:mednafen:0.8.4:rc3::::::
	cpe:2.3:a:david_shadoff:mednafen:0.8.5:::::::*
	cpe:2.3:a:david_shadoff:mednafen:0.8.6:::::::*
	cpe:2.3:a:david_shadoff:mednafen:0.8.7:::::::*
	cpe:2.3:a:david_shadoff:mednafen:0.8.8:::::::*
	cpe:2.3:a:david_shadoff:mednafen:0.8.9:::::::*
	cpe:2.3:a:david_shadoff:mednafen:0.8.a:::::::*
	cpe:2.3:a:david_shadoff:mednafen:0.8.b:::::::*

History

21 Nov 2024, 01:18

Type	Values Removed	Values Added
References	~~() http://sourceforge.net/news/?group_id=150840&id=287363 -~~	() http://sourceforge.net/news/?group_id=150840&id=287363 -
References	~~() http://www.openwall.com/lists/oss-security/2010/09/09/8 -~~	() http://www.openwall.com/lists/oss-security/2010/09/09/8 -
References	~~() http://www.openwall.com/lists/oss-security/2010/09/11/3 -~~	() http://www.openwall.com/lists/oss-security/2010/09/11/3 -

Information

Published : 2010-10-12 21:00

Updated : 2025-04-11 00:51

NVD link : CVE-2010-3085

Mitre link : CVE-2010-3085

CVE.ORG link : CVE-2010-3085

JSON object : View

Products Affected

david_shadoff

mednafen

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

{"id": "CVE-2010-3085", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2010-10-12T21:00:02.163", "references": [{"url": "http://sourceforge.net/news/?group_id=150840&id=287363", "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2010/09/09/8", "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2010/09/11/3", "source": "secalert@redhat.com"}, {"url": "http://sourceforge.net/news/?group_id=150840&id=287363", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.openwall.com/lists/oss-security/2010/09/09/8", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.openwall.com/lists/oss-security/2010/09/11/3", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "The network-play implementation in Mednafen before 0.8.D might allow remote servers to execute arbitrary code via unspecified vectors, related to \"stack manipulation\" issues."}, {"lang": "es", "value": "La implementaci\u00f3n network-play en Mednafen en versiones anteriores a la 0.8.D puede permitir a servidores remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante vectores no especificados, relacionados con problemas de \"manipulaci\u00f3n de la pila\"."}], "lastModified": "2025-04-11T00:51:21.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:david_shadoff:mednafen:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "606DBC33-7493-4148-A63A-55F4637279FD", "versionEndIncluding": "0.8.c"}, {"criteria": "cpe:2.3:a:david_shadoff:mednafen:0.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6BCE2CB6-133B-416C-8A7B-07F067EC2BC2"}, {"criteria": "cpe:2.3:a:david_shadoff:mednafen:0.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "02085225-78C9-49CE-8220-88B6A955E2EA"}, {"criteria": "cpe:2.3:a:david_shadoff:mednafen:0.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CB165CBA-D8BC-4391-88ED-DB0E8B5F1C8C"}, {"criteria": "cpe:2.3:a:david_shadoff:mednafen:0.3.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E627325A-D053-4BAE-B896-716A612E16AF"}, {"criteria": "cpe:2.3:a:david_shadoff:mednafen:0.3.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8E03B499-67A1-4024-85B6-26B7B07C8FD2"}, {"criteria": "cpe:2.3:a:david_shadoff:mednafen:0.4.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C2B62DE0-3301-433E-98E9-43A78B13F557"}, {"criteria": "cpe:2.3:a:david_shadoff:mednafen:0.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "108C3A9B-B7FF-40A3-B39B-5D06EE5C1EB3"}, {"criteria": "cpe:2.3:a:david_shadoff:mednafen:0.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5ED78BA1-EF30-4FC1-8143-2550199C8370"}, {"criteria": "cpe:2.3:a:david_shadoff:mednafen:0.5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EC286E56-741E-4547-A038-B7B2918EF202"}, {"criteria": "cpe:2.3:a:david_shadoff:mednafen:0.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "02A02EA0-6048-4AFC-B538-64FEF1254922"}, {"criteria": "cpe:2.3:a:david_shadoff:mednafen:0.6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E022F281-87E4-438E-9630-073A7BB13531"}, {"criteria": "cpe:2.3:a:david_shadoff:mednafen:0.6.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7D31C99A-5D87-45E6-AE96-4586E5B63C73"}, {"criteria": "cpe:2.3:a:david_shadoff:mednafen:0.6.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3991D955-FA05-44FC-BB1B-BF853D5E745F"}, {"criteria": "cpe:2.3:a:david_shadoff:mednafen:0.6.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EAE57F06-FB52-4710-B509-100AA1ECE956"}, {"criteria": "cpe:2.3:a:david_shadoff:mednafen:0.6.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A3FD5312-8855-4F1C-B362-E98CCE65A5A5"}, {"criteria": "cpe:2.3:a:david_shadoff:mednafen:0.7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F755D5C3-A37E-44C9-A648-7B532CD76916"}, {"criteria": "cpe:2.3:a:david_shadoff:mednafen:0.7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F3259EBD-94F6-4D73-8495-C406D32A31BA"}, {"criteria": "cpe:2.3:a:david_shadoff:mednafen:0.7.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F01B0AAD-DDC7-462F-A20D-49B6F35CDE0E"}, {"criteria": "cpe:2.3:a:david_shadoff:mednafen:0.8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "56804196-4315-4DC1-95D3-13A6EC220B33"}, {"criteria": "cpe:2.3:a:david_shadoff:mednafen:0.8.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D09E631D-4B09-4A46-933A-C8D693697081"}, {"criteria": "cpe:2.3:a:david_shadoff:mednafen:0.8.4:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5C92BB6A-0B3C-4696-9C86-3C2503C3D777"}, {"criteria": "cpe:2.3:a:david_shadoff:mednafen:0.8.4:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1165503D-E569-401B-B366-C6DF504EFE15"}, {"criteria": "cpe:2.3:a:david_shadoff:mednafen:0.8.4:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "514F05C9-7CDE-46D4-AAEB-BB30958B424C"}, {"criteria": "cpe:2.3:a:david_shadoff:mednafen:0.8.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D6569CE8-DDE8-4BE1-9B61-FF47B0D235E8"}, {"criteria": "cpe:2.3:a:david_shadoff:mednafen:0.8.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CC8D55E9-0EF0-4D39-93C1-4BA24CCF8A50"}, {"criteria": "cpe:2.3:a:david_shadoff:mednafen:0.8.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ED6F95CF-5140-41D2-9EDA-4CA374C7AAB9"}, {"criteria": "cpe:2.3:a:david_shadoff:mednafen:0.8.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F30C0CE8-AE86-407C-ACB4-E684D9D7A8D9"}, {"criteria": "cpe:2.3:a:david_shadoff:mednafen:0.8.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BBC248FB-3613-4CFF-BAB3-B2A936A98E1B"}, {"criteria": "cpe:2.3:a:david_shadoff:mednafen:0.8.a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "725B186F-8451-4515-AAEF-1CF84263D3FD"}, {"criteria": "cpe:2.3:a:david_shadoff:mednafen:0.8.b:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5095133E-BD51-427F-8579-6F0AA0BE8832"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}

10.0 /10