CVE-2010-2054 | Vulnerability Database | Aqua Security

Integer overflow in httpAdapter.c in httpAdapter in SBLIM SFCB 1.3.4 through 1.3.7, when the configuration sets httpMaxContentLength to a zero value, allows remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via a large integer in the Content-Length HTTP header, aka bug #3001915. NOTE: some of these details are obtained from third party information.

Affected Software

Name	Vendor	Start Version	End Version
Sblim-sfcb	Standards_based_linux_instrumentation	1.3.4 (including)	1.3.4 (including)
Sblim-sfcb	Standards_based_linux_instrumentation	1.3.5 (including)	1.3.5 (including)
Sblim-sfcb	Standards_based_linux_instrumentation	1.3.6 (including)	1.3.6 (including)
Sblim-sfcb	Standards_based_linux_instrumentation	1.3.7 (including)	1.3.7 (including)

References

http://marc.info/?l=bugtraq\u0026m=127549079109192\u0026w=2
http://sblim.cvs.sourceforge.net/viewvc/sblim/sfcb/httpAdapter.c?r1=1.85\u0026r2=1.86
http://secunia.com/advisories/40018
http://sourceforge.net/tracker/index.php?func=detail\u0026aid=3001915\u0026group_id=128809\u0026atid=712784
http://www.vupen.com/english/advisories/2010/1312

NVD	https://nvd.nist.gov/vuln/detail/CVE-2010-2054
CWE	https://cwe.mitre.org/data/definitions/189.html