CVE-2010-2891

Name	CVE-2010-2891
Description	Buffer overflow in the smiGetNode function in lib/smi.c in libsmi 0.4.8 allows context-dependent attackers to execute arbitrary code via an Object Identifier (aka OID) represented as a numerical string containing many components separated by . (dot) characters.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DSA-2145-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
libsmi (PTS)	bookworm, bullseye	0.4.8+dfsg2-16	fixed
	forky, sid, trixie	0.4.8+dfsg2-17	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
libsmi	source	lenny	0.4.7+dfsg-0.2		DSA-2145-1
libsmi	source	(unstable)	0.4.8+dfsg2-3