CVE-2010-4336
collectd - denial of service
EPSS 1.7%
Description
The cu_rrd_create_file function (src/utils_rrdcreate.c) in collectd 4.x before 4.9.4 and before 4.10.2 allow remote attackers to cause a denial of service (assertion failure) via a packet with a timestamp whose value is 10 or less, as demonstrated by creating RRD files using the (1) RRDtool and (2) RRDCacheD plugins.
How to fix CVE-2010-4336
To remediate CVE-2010-4336, upgrade the affected package to a fixed version below.
- Debian/collectd—upgrade to 4.10.1-2.1 or later
- Debian/collectd—upgrade to 4.4.2-3+lenny1 or later
Is CVE-2010-4336 being exploited?
Low — EPSS is 1.7%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 4.10.1-2.1
- from 0, < 4.4.2-3+lenny1