CVE-2010-2322

Absolute path traversal vulnerability in the extract_jar function in jartool.c in FastJar 0.98 allows remote attackers to create or overwrite arbitrary files via a full pathname for a file within a .jar archive, a related issue to CVE-2010-0831. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-3619.

Published: 2010-06-18 Last update: 2026-06-16 Assigner: [email protected] Source: [email protected]

Conclusion & alert: CVE-2010-2322 is rated Exploit Available (58.5/100): CVSS Low severity, with medium exploitation likelihood (EPSS 3.36%). Core evidence: 1 public exploit reference is indexed (Exploit-DB). EPSS rose +2.62% over the last day, indicating growing attacker interest. Mandatory action: public exploits are available; assess exposure, apply mitigations, and prioritize patching.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Public exploit references (Exploit-DB) for CVE-2010-2322

EDB-ID          Source    Kind         Published       Link
(not listed)    nvd_ref   exploit_tag  (not listed)    Exploit-DB

Exploit prediction scoring system (EPSS) score for CVE-2010-2322

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

#  Date        Old EPSS score  New EPSS score  Delta (New - Old)
1  2026-06-15  0.74%           3.36%           +2.62%
2  2025-07-13  0.65%           0.74%           +0.10%
3  2025-07-12  (first record)  0.65%           (first record)

Full EPSS history (12 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2010-2322

CVSS metrics for this CVE.

Base score  Version  Severity  Vector                       Exploitability  Impact  Score source
2.6         2.0      LOW       AV:N/AC:H/Au:N/C:N/I:P/A:N   4.9             2.9     [email protected]

Vector breakdown:
Access vector (AV:N): exploitable remotely over the network.
Access complexity (AC:H): exploitation requires uncommon or highly specific conditions.
Authentication (Au:N): no authentication is required.
Confidentiality impact (C:N): no confidentiality impact.
Integrity impact (I:P): partial integrity impact.
Availability impact (A:N): no availability impact.

Weakness enumeration for CVE-2010-2322

OS Trackers for CVE-2010-2322

Vendor  Priority  Summary                                                                                                                                                                   Link
debian  low       CVE-2010-2322 low priority: Debian including 1 source package (fastjar), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5.             https://security-tracker.debian.org/tracker/CVE-2010-2322
gentoo  normal    CVE-2010-2322: 1 GLSA (201209-21), 1 atom (app-arch/fastjar); latest impact normal.                                                                                     https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2010-2322
redhat  low       (no summary listed)                                                                                                                                                      https://access.redhat.com/security/cve/CVE-2010-2322
suse    low       (no summary listed)                                                                                                                                                      https://www.suse.com/security/cve/CVE-2010-2322/
ubuntu  medium    CVE-2010-2322 medium priority: Ubuntu including 1 source package (fastjar), 6 status rows across 6 suites (dapper, hardy, jaunty, karmic, lucid, upstream): released 4, DNE 1, needs-triage 1.  https://ubuntu.com/security/CVE-2010-2322

Affected software / configurations for CVE-2010-2322

Vendor          Product  Version  Raw CPE
matthias_klose  fastjar  0.98     cpe:2.3:a:matthias_klose:fastjar:0.98:*:*:*:*:*:*:*

References for CVE-2010-2322

cvelogic Threat Intelligence