CVE-2011-3386 (GCVE-0-2011-3386)

Vulnerability from cvelistv5 – Published: 2011-09-02 23:00 – Updated: 2024-08-06 23:29

Summary

Unspecified vulnerability in Medtronic Paradigm wireless insulin pump 512, 522, 712, and 722 allows remote attackers to modify the delivery of an insulin bolus dose and cause a denial of service (adverse human health effects) via unspecified vectors involving wireless communications and knowledge of the device's serial number, as demonstrated by Jerome Radcliffe at the Black Hat USA conference in August 2011. NOTE: the vendor has disputed the severity of this issue, saying "we believe the risk of deliberate, malicious, or unauthorized manipulation of medical devices is extremely low... we strongly believe it would be extremely difficult for a third-party to wirelessly tamper with your insulin pump... you would be able to detect tones on the insulin pump that weren't intentionally programmed and could intervene accordingly."

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.hanselman.com/blog/HackersCanKillDiabe…	x_refsource_MISC
	http://www.scmagazineus.com/black-hat-insulin-pum…	x_refsource_MISC
	http://www.loop-blog.com/Blog_Full_Post?id=a09C00…	x_refsource_MISC
	http://sixuntilme.com/blog2/2011/08/hacked_jay_ra…	x_refsource_MISC
	http://www.foxnews.com/scitech/2011/08/04/insulin…	x_refsource_MISC
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.informationweek.com/news/security/vuln…	x_refsource_MISC
	http://www.darkreading.com/security/vulnerabiliti…	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:29:56.889Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.hanselman.com/blog/HackersCanKillDiabeticsWithInsulinPumpsFromAHalfMileAwayUmNoFactsVsJournalisticFearMongering.aspx"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.scmagazineus.com/black-hat-insulin-pumps-can-be-hacked/article/209106/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.loop-blog.com/Blog_Full_Post?id=a09C000000Dbz3JIAR"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://sixuntilme.com/blog2/2011/08/hacked_jay_radcliffe_insulin_p.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.foxnews.com/scitech/2011/08/04/insulin-pumps-vulnerable-to-hacking/?test=faces"
          },
          {
            "name": "paradigm-insulin-pump-dos(69643)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69643"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.informationweek.com/news/security/vulnerabilities/231600265"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.darkreading.com/security/vulnerabilities/231300312/getting-root-on-the-human-body.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-08-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in Medtronic Paradigm wireless insulin pump 512, 522, 712, and 722 allows remote attackers to modify the delivery of an insulin bolus dose and cause a denial of service (adverse human health effects) via unspecified vectors involving wireless communications and knowledge of the device\u0027s serial number, as demonstrated by Jerome Radcliffe at the Black Hat USA conference in August 2011.  NOTE: the vendor has disputed the severity of this issue, saying \"we believe the risk of deliberate, malicious, or unauthorized manipulation of medical devices is extremely low... we strongly believe it would be extremely difficult for a third-party to wirelessly tamper with your insulin pump... you would be able to detect tones on the insulin pump that weren\u0027t intentionally programmed and could intervene accordingly.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.hanselman.com/blog/HackersCanKillDiabeticsWithInsulinPumpsFromAHalfMileAwayUmNoFactsVsJournalisticFearMongering.aspx"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.scmagazineus.com/black-hat-insulin-pumps-can-be-hacked/article/209106/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.loop-blog.com/Blog_Full_Post?id=a09C000000Dbz3JIAR"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://sixuntilme.com/blog2/2011/08/hacked_jay_radcliffe_insulin_p.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.foxnews.com/scitech/2011/08/04/insulin-pumps-vulnerable-to-hacking/?test=faces"
        },
        {
          "name": "paradigm-insulin-pump-dos(69643)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69643"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.informationweek.com/news/security/vulnerabilities/231600265"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.darkreading.com/security/vulnerabilities/231300312/getting-root-on-the-human-body.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-3386",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in Medtronic Paradigm wireless insulin pump 512, 522, 712, and 722 allows remote attackers to modify the delivery of an insulin bolus dose and cause a denial of service (adverse human health effects) via unspecified vectors involving wireless communications and knowledge of the device\u0027s serial number, as demonstrated by Jerome Radcliffe at the Black Hat USA conference in August 2011.  NOTE: the vendor has disputed the severity of this issue, saying \"we believe the risk of deliberate, malicious, or unauthorized manipulation of medical devices is extremely low... we strongly believe it would be extremely difficult for a third-party to wirelessly tamper with your insulin pump... you would be able to detect tones on the insulin pump that weren\u0027t intentionally programmed and could intervene accordingly.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.hanselman.com/blog/HackersCanKillDiabeticsWithInsulinPumpsFromAHalfMileAwayUmNoFactsVsJournalisticFearMongering.aspx",
              "refsource": "MISC",
              "url": "http://www.hanselman.com/blog/HackersCanKillDiabeticsWithInsulinPumpsFromAHalfMileAwayUmNoFactsVsJournalisticFearMongering.aspx"
            },
            {
              "name": "http://www.scmagazineus.com/black-hat-insulin-pumps-can-be-hacked/article/209106/",
              "refsource": "MISC",
              "url": "http://www.scmagazineus.com/black-hat-insulin-pumps-can-be-hacked/article/209106/"
            },
            {
              "name": "http://www.loop-blog.com/Blog_Full_Post?id=a09C000000Dbz3JIAR",
              "refsource": "MISC",
              "url": "http://www.loop-blog.com/Blog_Full_Post?id=a09C000000Dbz3JIAR"
            },
            {
              "name": "http://sixuntilme.com/blog2/2011/08/hacked_jay_radcliffe_insulin_p.html",
              "refsource": "MISC",
              "url": "http://sixuntilme.com/blog2/2011/08/hacked_jay_radcliffe_insulin_p.html"
            },
            {
              "name": "http://www.foxnews.com/scitech/2011/08/04/insulin-pumps-vulnerable-to-hacking/?test=faces",
              "refsource": "MISC",
              "url": "http://www.foxnews.com/scitech/2011/08/04/insulin-pumps-vulnerable-to-hacking/?test=faces"
            },
            {
              "name": "paradigm-insulin-pump-dos(69643)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69643"
            },
            {
              "name": "http://www.informationweek.com/news/security/vulnerabilities/231600265",
              "refsource": "MISC",
              "url": "http://www.informationweek.com/news/security/vulnerabilities/231600265"
            },
            {
              "name": "http://www.darkreading.com/security/vulnerabilities/231300312/getting-root-on-the-human-body.html",
              "refsource": "MISC",
              "url": "http://www.darkreading.com/security/vulnerabilities/231300312/getting-root-on-the-human-body.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-3386",
    "datePublished": "2011-09-02T23:00:00",
    "dateReserved": "2011-09-02T00:00:00",
    "dateUpdated": "2024-08-06T23:29:56.889Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2011-3386\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2011-09-02T23:55:05.427\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Unspecified vulnerability in Medtronic Paradigm wireless insulin pump 512, 522, 712, and 722 allows remote attackers to modify the delivery of an insulin bolus dose and cause a denial of service (adverse human health effects) via unspecified vectors involving wireless communications and knowledge of the device\u0027s serial number, as demonstrated by Jerome Radcliffe at the Black Hat USA conference in August 2011.  NOTE: the vendor has disputed the severity of this issue, saying \\\"we believe the risk of deliberate, malicious, or unauthorized manipulation of medical devices is extremely low... we strongly believe it would be extremely difficult for a third-party to wirelessly tamper with your insulin pump... you would be able to detect tones on the insulin pump that weren\u0027t intentionally programmed and could intervene accordingly.\\\"\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad no especificada en la bomba de insulina inalambirca Medtronic Paradigm 512, 522, 712 y 722, permite a atacantes remotos modificar la administraci\u00f3n de una dosis de insulina y provocar una denegaci\u00f3n de servicio (efectos adversos para la salud humana) a trav\u00e9s de vectores no especificados relacionados con las comunicaciones inal\u00e1mbricas y el conocimiento de la n\u00famero de serie del dispositivo, como se demuestra por Jerome Radcliffe en la conferencia Black Hat de EE.UU. en agosto de 2011. NOTA: el vendedor ha puesto en duda la gravedad de este asunto, diciendo que \\\"creemos que el riesgo de manipulaci\u00f3n deliberada, malintencionada o no autorizada de dispositivos m\u00e9dicos es muy bajo ... estamos convencidos de que ser\u00eda extremadamente dif\u00edcil para un tercero de forma inal\u00e1mbrica interferir en la bomba de insulina ... usted ser\u00eda capaz de detectar los tonos de la bomba de insulina que no estaban programados intencionalmente y podr\u00eda actuar en consecuencia. \\\"\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:N/I:P/A:P\",\"baseScore\":4.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":4.9,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:medtronic:paradigm_wireless_insulin_pump:512:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A2EB468-F01F-4ED8-A68D-912D5861E6FB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:medtronic:paradigm_wireless_insulin_pump:522:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DD8F4622-A67F-46AB-8F44-D1D021FEE92C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:medtronic:paradigm_wireless_insulin_pump:712:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"75DB801E-6E51-40A8-9424-923EEAB6EBFD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:medtronic:paradigm_wireless_insulin_pump:722:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"62B4EFD1-CB94-4453-AF69-F0DAE4BE3435\"}]}]}],\"references\":[{\"url\":\"http://sixuntilme.com/blog2/2011/08/hacked_jay_radcliffe_insulin_p.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.darkreading.com/security/vulnerabilities/231300312/getting-root-on-the-human-body.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.foxnews.com/scitech/2011/08/04/insulin-pumps-vulnerable-to-hacking/?test=faces\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.hanselman.com/blog/HackersCanKillDiabeticsWithInsulinPumpsFromAHalfMileAwayUmNoFactsVsJournalisticFearMongering.aspx\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.informationweek.com/news/security/vulnerabilities/231600265\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.loop-blog.com/Blog_Full_Post?id=a09C000000Dbz3JIAR\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.scmagazineus.com/black-hat-insulin-pumps-can-be-hacked/article/209106/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/69643\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://sixuntilme.com/blog2/2011/08/hacked_jay_radcliffe_insulin_p.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.darkreading.com/security/vulnerabilities/231300312/getting-root-on-the-human-body.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.foxnews.com/scitech/2011/08/04/insulin-pumps-vulnerable-to-hacking/?test=faces\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.hanselman.com/blog/HackersCanKillDiabeticsWithInsulinPumpsFromAHalfMileAwayUmNoFactsVsJournalisticFearMongering.aspx\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.informationweek.com/news/security/vulnerabilities/231600265\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.loop-blog.com/Blog_Full_Post?id=a09C000000Dbz3JIAR\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.scmagazineus.com/black-hat-insulin-pumps-can-be-hacked/article/209106/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/69643\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

FKIE_CVE-2011-3386

Vulnerability from fkie_nvd - Published: 2011-09-02 23:55 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

	URL	Tags
	cve@mitre.org	http://sixuntilme.com/blog2/2011/08/hacked_jay_radcliffe_insulin_p.html
	cve@mitre.org	http://www.darkreading.com/security/vulnerabilities/231300312/getting-root-on-the-human-body.html
	cve@mitre.org	http://www.foxnews.com/scitech/2011/08/04/insulin-pumps-vulnerable-to-hacking/?test=faces
	cve@mitre.org	http://www.hanselman.com/blog/HackersCanKillDiabeticsWithInsulinPumpsFromAHalfMileAwayUmNoFactsVsJournalisticFearMongering.aspx
	cve@mitre.org	http://www.informationweek.com/news/security/vulnerabilities/231600265
	cve@mitre.org	http://www.loop-blog.com/Blog_Full_Post?id=a09C000000Dbz3JIAR
	cve@mitre.org	http://www.scmagazineus.com/black-hat-insulin-pumps-can-be-hacked/article/209106/
	cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/69643
	af854a3a-2127-422b-91ae-364da2661108	http://sixuntilme.com/blog2/2011/08/hacked_jay_radcliffe_insulin_p.html
	af854a3a-2127-422b-91ae-364da2661108	http://www.darkreading.com/security/vulnerabilities/231300312/getting-root-on-the-human-body.html
	af854a3a-2127-422b-91ae-364da2661108	http://www.foxnews.com/scitech/2011/08/04/insulin-pumps-vulnerable-to-hacking/?test=faces
	af854a3a-2127-422b-91ae-364da2661108	http://www.hanselman.com/blog/HackersCanKillDiabeticsWithInsulinPumpsFromAHalfMileAwayUmNoFactsVsJournalisticFearMongering.aspx
	af854a3a-2127-422b-91ae-364da2661108	http://www.informationweek.com/news/security/vulnerabilities/231600265
	af854a3a-2127-422b-91ae-364da2661108	http://www.loop-blog.com/Blog_Full_Post?id=a09C000000Dbz3JIAR
	af854a3a-2127-422b-91ae-364da2661108	http://www.scmagazineus.com/black-hat-insulin-pumps-can-be-hacked/article/209106/
	af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/69643

Impacted products

Vendor	Product	Version
medtronic	paradigm_wireless_insulin_pump	512
medtronic	paradigm_wireless_insulin_pump	522
medtronic	paradigm_wireless_insulin_pump	712
medtronic	paradigm_wireless_insulin_pump	722

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:medtronic:paradigm_wireless_insulin_pump:512:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A2EB468-F01F-4ED8-A68D-912D5861E6FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:medtronic:paradigm_wireless_insulin_pump:522:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD8F4622-A67F-46AB-8F44-D1D021FEE92C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:medtronic:paradigm_wireless_insulin_pump:712:*:*:*:*:*:*:*",
              "matchCriteriaId": "75DB801E-6E51-40A8-9424-923EEAB6EBFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:medtronic:paradigm_wireless_insulin_pump:722:*:*:*:*:*:*:*",
              "matchCriteriaId": "62B4EFD1-CB94-4453-AF69-F0DAE4BE3435",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in Medtronic Paradigm wireless insulin pump 512, 522, 712, and 722 allows remote attackers to modify the delivery of an insulin bolus dose and cause a denial of service (adverse human health effects) via unspecified vectors involving wireless communications and knowledge of the device\u0027s serial number, as demonstrated by Jerome Radcliffe at the Black Hat USA conference in August 2011.  NOTE: the vendor has disputed the severity of this issue, saying \"we believe the risk of deliberate, malicious, or unauthorized manipulation of medical devices is extremely low... we strongly believe it would be extremely difficult for a third-party to wirelessly tamper with your insulin pump... you would be able to detect tones on the insulin pump that weren\u0027t intentionally programmed and could intervene accordingly.\""
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad no especificada en la bomba de insulina inalambirca Medtronic Paradigm 512, 522, 712 y 722, permite a atacantes remotos modificar la administraci\u00f3n de una dosis de insulina y provocar una denegaci\u00f3n de servicio (efectos adversos para la salud humana) a trav\u00e9s de vectores no especificados relacionados con las comunicaciones inal\u00e1mbricas y el conocimiento de la n\u00famero de serie del dispositivo, como se demuestra por Jerome Radcliffe en la conferencia Black Hat de EE.UU. en agosto de 2011. NOTA: el vendedor ha puesto en duda la gravedad de este asunto, diciendo que \"creemos que el riesgo de manipulaci\u00f3n deliberada, malintencionada o no autorizada de dispositivos m\u00e9dicos es muy bajo ... estamos convencidos de que ser\u00eda extremadamente dif\u00edcil para un tercero de forma inal\u00e1mbrica interferir en la bomba de insulina ... usted ser\u00eda capaz de detectar los tonos de la bomba de insulina que no estaban programados intencionalmente y podr\u00eda actuar en consecuencia. \""
    }
  ],
  "id": "CVE-2011-3386",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-09-02T23:55:05.427",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://sixuntilme.com/blog2/2011/08/hacked_jay_radcliffe_insulin_p.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.darkreading.com/security/vulnerabilities/231300312/getting-root-on-the-human-body.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.foxnews.com/scitech/2011/08/04/insulin-pumps-vulnerable-to-hacking/?test=faces"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.hanselman.com/blog/HackersCanKillDiabeticsWithInsulinPumpsFromAHalfMileAwayUmNoFactsVsJournalisticFearMongering.aspx"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.informationweek.com/news/security/vulnerabilities/231600265"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.loop-blog.com/Blog_Full_Post?id=a09C000000Dbz3JIAR"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.scmagazineus.com/black-hat-insulin-pumps-can-be-hacked/article/209106/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69643"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sixuntilme.com/blog2/2011/08/hacked_jay_radcliffe_insulin_p.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.darkreading.com/security/vulnerabilities/231300312/getting-root-on-the-human-body.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.foxnews.com/scitech/2011/08/04/insulin-pumps-vulnerable-to-hacking/?test=faces"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.hanselman.com/blog/HackersCanKillDiabeticsWithInsulinPumpsFromAHalfMileAwayUmNoFactsVsJournalisticFearMongering.aspx"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.informationweek.com/news/security/vulnerabilities/231600265"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.loop-blog.com/Blog_Full_Post?id=a09C000000Dbz3JIAR"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.scmagazineus.com/black-hat-insulin-pumps-can-be-hacked/article/209106/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69643"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2011-3386

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2011-3386

Aliases

CVE-2011-3386

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2011-3386",
    "description": "Unspecified vulnerability in Medtronic Paradigm wireless insulin pump 512, 522, 712, and 722 allows remote attackers to modify the delivery of an insulin bolus dose and cause a denial of service (adverse human health effects) via unspecified vectors involving wireless communications and knowledge of the device\u0027s serial number, as demonstrated by Jerome Radcliffe at the Black Hat USA conference in August 2011.  NOTE: the vendor has disputed the severity of this issue, saying \"we believe the risk of deliberate, malicious, or unauthorized manipulation of medical devices is extremely low... we strongly believe it would be extremely difficult for a third-party to wirelessly tamper with your insulin pump... you would be able to detect tones on the insulin pump that weren\u0027t intentionally programmed and could intervene accordingly.\"",
    "id": "GSD-2011-3386"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2011-3386"
      ],
      "details": "Unspecified vulnerability in Medtronic Paradigm wireless insulin pump 512, 522, 712, and 722 allows remote attackers to modify the delivery of an insulin bolus dose and cause a denial of service (adverse human health effects) via unspecified vectors involving wireless communications and knowledge of the device\u0027s serial number, as demonstrated by Jerome Radcliffe at the Black Hat USA conference in August 2011.  NOTE: the vendor has disputed the severity of this issue, saying \"we believe the risk of deliberate, malicious, or unauthorized manipulation of medical devices is extremely low... we strongly believe it would be extremely difficult for a third-party to wirelessly tamper with your insulin pump... you would be able to detect tones on the insulin pump that weren\u0027t intentionally programmed and could intervene accordingly.\"",
      "id": "GSD-2011-3386",
      "modified": "2023-12-13T01:19:09.726537Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2011-3386",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Unspecified vulnerability in Medtronic Paradigm wireless insulin pump 512, 522, 712, and 722 allows remote attackers to modify the delivery of an insulin bolus dose and cause a denial of service (adverse human health effects) via unspecified vectors involving wireless communications and knowledge of the device\u0027s serial number, as demonstrated by Jerome Radcliffe at the Black Hat USA conference in August 2011.  NOTE: the vendor has disputed the severity of this issue, saying \"we believe the risk of deliberate, malicious, or unauthorized manipulation of medical devices is extremely low... we strongly believe it would be extremely difficult for a third-party to wirelessly tamper with your insulin pump... you would be able to detect tones on the insulin pump that weren\u0027t intentionally programmed and could intervene accordingly.\""
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.hanselman.com/blog/HackersCanKillDiabeticsWithInsulinPumpsFromAHalfMileAwayUmNoFactsVsJournalisticFearMongering.aspx",
            "refsource": "MISC",
            "url": "http://www.hanselman.com/blog/HackersCanKillDiabeticsWithInsulinPumpsFromAHalfMileAwayUmNoFactsVsJournalisticFearMongering.aspx"
          },
          {
            "name": "http://www.scmagazineus.com/black-hat-insulin-pumps-can-be-hacked/article/209106/",
            "refsource": "MISC",
            "url": "http://www.scmagazineus.com/black-hat-insulin-pumps-can-be-hacked/article/209106/"
          },
          {
            "name": "http://www.loop-blog.com/Blog_Full_Post?id=a09C000000Dbz3JIAR",
            "refsource": "MISC",
            "url": "http://www.loop-blog.com/Blog_Full_Post?id=a09C000000Dbz3JIAR"
          },
          {
            "name": "http://sixuntilme.com/blog2/2011/08/hacked_jay_radcliffe_insulin_p.html",
            "refsource": "MISC",
            "url": "http://sixuntilme.com/blog2/2011/08/hacked_jay_radcliffe_insulin_p.html"
          },
          {
            "name": "http://www.foxnews.com/scitech/2011/08/04/insulin-pumps-vulnerable-to-hacking/?test=faces",
            "refsource": "MISC",
            "url": "http://www.foxnews.com/scitech/2011/08/04/insulin-pumps-vulnerable-to-hacking/?test=faces"
          },
          {
            "name": "paradigm-insulin-pump-dos(69643)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69643"
          },
          {
            "name": "http://www.informationweek.com/news/security/vulnerabilities/231600265",
            "refsource": "MISC",
            "url": "http://www.informationweek.com/news/security/vulnerabilities/231600265"
          },
          {
            "name": "http://www.darkreading.com/security/vulnerabilities/231300312/getting-root-on-the-human-body.html",
            "refsource": "MISC",
            "url": "http://www.darkreading.com/security/vulnerabilities/231300312/getting-root-on-the-human-body.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:medtronic:paradigm_wireless_insulin_pump:722:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:medtronic:paradigm_wireless_insulin_pump:512:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:medtronic:paradigm_wireless_insulin_pump:522:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:medtronic:paradigm_wireless_insulin_pump:712:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-3386"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in Medtronic Paradigm wireless insulin pump 512, 522, 712, and 722 allows remote attackers to modify the delivery of an insulin bolus dose and cause a denial of service (adverse human health effects) via unspecified vectors involving wireless communications and knowledge of the device\u0027s serial number, as demonstrated by Jerome Radcliffe at the Black Hat USA conference in August 2011.  NOTE: the vendor has disputed the severity of this issue, saying \"we believe the risk of deliberate, malicious, or unauthorized manipulation of medical devices is extremely low... we strongly believe it would be extremely difficult for a third-party to wirelessly tamper with your insulin pump... you would be able to detect tones on the insulin pump that weren\u0027t intentionally programmed and could intervene accordingly.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.hanselman.com/blog/HackersCanKillDiabeticsWithInsulinPumpsFromAHalfMileAwayUmNoFactsVsJournalisticFearMongering.aspx",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.hanselman.com/blog/HackersCanKillDiabeticsWithInsulinPumpsFromAHalfMileAwayUmNoFactsVsJournalisticFearMongering.aspx"
            },
            {
              "name": "http://www.informationweek.com/news/security/vulnerabilities/231600265",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.informationweek.com/news/security/vulnerabilities/231600265"
            },
            {
              "name": "http://www.darkreading.com/security/vulnerabilities/231300312/getting-root-on-the-human-body.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.darkreading.com/security/vulnerabilities/231300312/getting-root-on-the-human-body.html"
            },
            {
              "name": "http://www.foxnews.com/scitech/2011/08/04/insulin-pumps-vulnerable-to-hacking/?test=faces",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.foxnews.com/scitech/2011/08/04/insulin-pumps-vulnerable-to-hacking/?test=faces"
            },
            {
              "name": "http://sixuntilme.com/blog2/2011/08/hacked_jay_radcliffe_insulin_p.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://sixuntilme.com/blog2/2011/08/hacked_jay_radcliffe_insulin_p.html"
            },
            {
              "name": "http://www.scmagazineus.com/black-hat-insulin-pumps-can-be-hacked/article/209106/",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.scmagazineus.com/black-hat-insulin-pumps-can-be-hacked/article/209106/"
            },
            {
              "name": "http://www.loop-blog.com/Blog_Full_Post?id=a09C000000Dbz3JIAR",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.loop-blog.com/Blog_Full_Post?id=a09C000000Dbz3JIAR"
            },
            {
              "name": "paradigm-insulin-pump-dos(69643)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69643"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 4.9,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-08-29T01:30Z",
      "publishedDate": "2011-09-02T23:55Z"
    }
  }
}

GHSA-9W6R-M8W5-8XW6

Vulnerability from github – Published: 2022-05-17 01:53 – Updated: 2025-04-11 03:50

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2011-3386"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2011-09-02T23:55:00Z",
    "severity": "MODERATE"
  },
  "details": "Unspecified vulnerability in Medtronic Paradigm wireless insulin pump 512, 522, 712, and 722 allows remote attackers to modify the delivery of an insulin bolus dose and cause a denial of service (adverse human health effects) via unspecified vectors involving wireless communications and knowledge of the device\u0027s serial number, as demonstrated by Jerome Radcliffe at the Black Hat USA conference in August 2011.  NOTE: the vendor has disputed the severity of this issue, saying \"we believe the risk of deliberate, malicious, or unauthorized manipulation of medical devices is extremely low... we strongly believe it would be extremely difficult for a third-party to wirelessly tamper with your insulin pump... you would be able to detect tones on the insulin pump that weren\u0027t intentionally programmed and could intervene accordingly.\"",
  "id": "GHSA-9w6r-m8w5-8xw6",
  "modified": "2025-04-11T03:50:14Z",
  "published": "2022-05-17T01:53:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3386"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69643"
    },
    {
      "type": "WEB",
      "url": "http://sixuntilme.com/blog2/2011/08/hacked_jay_radcliffe_insulin_p.html"
    },
    {
      "type": "WEB",
      "url": "http://www.darkreading.com/security/vulnerabilities/231300312/getting-root-on-the-human-body.html"
    },
    {
      "type": "WEB",
      "url": "http://www.foxnews.com/scitech/2011/08/04/insulin-pumps-vulnerable-to-hacking/?test=faces"
    },
    {
      "type": "WEB",
      "url": "http://www.hanselman.com/blog/HackersCanKillDiabeticsWithInsulinPumpsFromAHalfMileAwayUmNoFactsVsJournalisticFearMongering.aspx"
    },
    {
      "type": "WEB",
      "url": "http://www.informationweek.com/news/security/vulnerabilities/231600265"
    },
    {
      "type": "WEB",
      "url": "http://www.loop-blog.com/Blog_Full_Post?id=a09C000000Dbz3JIAR"
    },
    {
      "type": "WEB",
      "url": "http://www.scmagazineus.com/black-hat-insulin-pumps-can-be-hacked/article/209106"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

VAR-201109-0127

Vulnerability from variot - Updated: 2025-04-11 22:08

[slackware-security] libpng (SSA:2012-206-01)

New libpng packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues.

Here are the details from the Slackware 13.37 ChangeLog: +--------------------------+ patches/packages/libpng-1.4.12-i486-1_slack13.37.txz: Upgraded. Fixed incorrect type (int copy should be png_size_t copy) in png_inflate() (fixes CVE-2011-3045). Revised png_set_text_2() to avoid potential memory corruption (fixes CVE-2011-3048). Changed "a+w" to "u+w" in Makefile.in to fix CVE-2012-3386. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3045 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3048 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3386 ( Security fix ) +--------------------------+

Where to find the new packages: +-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 8.1: ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/libpng-1.2.50-i386-1_slack8.1.tgz

Updated package for Slackware 9.0: ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/libpng-1.2.50-i386-1_slack9.0.tgz

Updated package for Slackware 9.1: ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/libpng-1.2.50-i486-1_slack9.1.tgz

Updated package for Slackware 10.0: ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/libpng-1.2.50-i486-1_slack10.0.tgz

Updated package for Slackware 10.1: ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/libpng-1.2.50-i486-1_slack10.1.tgz

Updated package for Slackware 10.2: ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/libpng-1.2.50-i486-1_slack10.2.tgz

Updated package for Slackware 11.0: ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/libpng-1.2.50-i486-1_slack11.0.tgz

Updated package for Slackware 12.0: ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/libpng-1.2.50-i486-1_slack12.0.tgz

Updated package for Slackware 12.1: ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/libpng-1.2.50-i486-1_slack12.1.tgz

Updated package for Slackware 12.2: ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/libpng-1.2.50-i486-1_slack12.2.tgz

Updated package for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/libpng-1.2.50-i486-1_slack13.0.txz

Updated package for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/libpng-1.2.50-x86_64-1_slack13.0.txz

Updated package for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/libpng-1.4.12-i486-1_slack13.1.txz

Updated package for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/libpng-1.4.12-x86_64-1_slack13.1.txz

Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/libpng-1.4.12-i486-1_slack13.37.txz

Updated package for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/libpng-1.4.12-x86_64-1_slack13.37.txz

Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libpng-1.4.12-i486-1.txz

Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libpng-1.4.12-x86_64-1.txz

MD5 signatures: +-------------+

Slackware 8.1 package: 284b6e6cbd863a3dcfedeb3f7ada3d13 libpng-1.2.50-i386-1_slack8.1.tgz

Slackware 9.0 package: 27933d103db0ec5d2e32469e5073d408 libpng-1.2.50-i386-1_slack9.0.tgz

Slackware 9.1 package: d7b029366f0f70c218b49101df56cafb libpng-1.2.50-i486-1_slack9.1.tgz

Slackware 10.0 package: 3de3405777a72d3a7d72991c4489853e libpng-1.2.50-i486-1_slack10.0.tgz

Slackware 10.1 package: e6d10a03b279b2138cab9383e638b621 libpng-1.2.50-i486-1_slack10.1.tgz

Slackware 10.2 package: 524e3febb22566c2b3131ca1eee7a385 libpng-1.2.50-i486-1_slack10.2.tgz

Slackware 11.0 package: 189f441d29495f927143a7c47ec77afb libpng-1.2.50-i486-1_slack11.0.tgz

Slackware 12.0 package: 1e21c28ed8dea4db2d4f8cfc00b858d9 libpng-1.2.50-i486-1_slack12.0.tgz

Slackware 12.1 package: 608b1c9f6426159a60722cd23ece3980 libpng-1.2.50-i486-1_slack12.1.tgz

Slackware 12.2 package: b1e9950108aa9d2800d639002e6b77a6 libpng-1.2.50-i486-1_slack12.2.tgz

Slackware 13.0 package: ae6b82cf5487bdc46422650ba374ff41 libpng-1.2.50-i486-1_slack13.0.txz

Slackware x86_64 13.0 package: 409da0ddfd159dd970cccf1c9dee251b libpng-1.2.50-x86_64-1_slack13.0.txz

Slackware 13.1 package: 3462a6eb530d084afcd20837b23d0ac7 libpng-1.4.12-i486-1_slack13.1.txz

Slackware x86_64 13.1 package: c3058ef9d075ef9083ee7d7a977e6582 libpng-1.4.12-x86_64-1_slack13.1.txz

Slackware 13.37 package: e9191494e871534e11ec5020f8e72593 libpng-1.4.12-i486-1_slack13.37.txz

Slackware x86_64 13.37 package: 0fea01d53de95669592e9a037c3dc4b9 libpng-1.4.12-x86_64-1_slack13.37.txz

Slackware -current package: 29b9148f5beb384e944e34184d24ce59 l/libpng-1.4.12-i486-1.txz

Slackware x86_64 -current package: 1b546573b17ac7df03773856cc081692 l/libpng-1.4.12-x86_64-1.txz

Installation instructions: +------------------------+

Upgrade the package as root:

upgradepkg libpng-1.4.12-i486-1_slack13.37.txz

+-----+

Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. | +------------------------------------------------------------------------+ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlAPVhYACgkQakRjwEAQIjPiGQCfULwZEqcoTlCayAoSYnntgenl fqEAn2hCQqztZMMfLufIVoqDRky/os6w =m4TX -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201109-0127",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "paradigm wireless insulin pump",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "medtronic",
        "version": "512"
      },
      {
        "model": "paradigm wireless insulin pump",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "medtronic",
        "version": "522"
      },
      {
        "model": "paradigm wireless insulin pump",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "medtronic",
        "version": "712"
      },
      {
        "model": "paradigm wireless insulin pump",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "medtronic",
        "version": "722"
      },
      {
        "model": "paradigm wireless insulin pump",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "medtronic",
        "version": "and  722"
      },
      {
        "model": "paradigm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "medtronic",
        "version": "7220"
      },
      {
        "model": "paradigm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "medtronic",
        "version": "712"
      },
      {
        "model": "paradigm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "medtronic",
        "version": "522"
      },
      {
        "model": "paradigm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "medtronic",
        "version": "512"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "49493"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-004885"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201109-009"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3386"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/h:medtronic:paradigm_wireless_insulin_pump",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-004885"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Jerome Radcliffe at the Black Hat USA",
    "sources": [
      {
        "db": "BID",
        "id": "49493"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2011-3386",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 4.9,
            "id": "CVE-2011-3386",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 4.9,
            "id": "VHN-51331",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:H/AU:N/C:N/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2011-3386",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2011-3386",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201109-009",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-51331",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-51331"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-004885"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201109-009"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3386"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unspecified vulnerability in Medtronic Paradigm wireless insulin pump 512, 522, 712, and 722 allows remote attackers to modify the delivery of an insulin bolus dose and cause a denial of service (adverse human health effects) via unspecified vectors involving wireless communications and knowledge of the device\u0027s serial number, as demonstrated by Jerome Radcliffe at the Black Hat USA conference in August 2011.  NOTE: the vendor has disputed the severity of this issue, saying \"we believe the risk of deliberate, malicious, or unauthorized manipulation of medical devices is extremely low... we strongly believe it would be extremely difficult for a third-party to wirelessly tamper with your insulin pump... you would be able to detect tones on the insulin pump that weren\u0027t intentionally programmed and could intervene accordingly.\". \" Would also be possible. \"Service disruption by a third party ( Harmful effects on human health ) There is a possibility of being put into a state. \nSuccessful exploits will cause the device to crash, denying service to legitimate users. \nMedtronic Paradigm wireless insulin pump:\n512\n522\n712\n722. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n[slackware-security]  libpng (SSA:2012-206-01)\n\nNew libpng packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1,\n10.2, 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix\nsecurity issues. \n\n\nHere are the details from the Slackware 13.37 ChangeLog:\n+--------------------------+\npatches/packages/libpng-1.4.12-i486-1_slack13.37.txz:  Upgraded. \n  Fixed incorrect type (int copy should be png_size_t copy) in png_inflate()\n  (fixes CVE-2011-3045). \n  Revised png_set_text_2() to avoid potential memory corruption (fixes\n    CVE-2011-3048). \n  Changed \"a+w\" to \"u+w\" in Makefile.in to fix CVE-2012-3386. \n  For more information, see:\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3045\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3048\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3386\n  (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project!  :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 8.1:\nftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/libpng-1.2.50-i386-1_slack8.1.tgz\n\nUpdated package for Slackware 9.0:\nftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/libpng-1.2.50-i386-1_slack9.0.tgz\n\nUpdated package for Slackware 9.1:\nftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/libpng-1.2.50-i486-1_slack9.1.tgz\n\nUpdated package for Slackware 10.0:\nftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/libpng-1.2.50-i486-1_slack10.0.tgz\n\nUpdated package for Slackware 10.1:\nftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/libpng-1.2.50-i486-1_slack10.1.tgz\n\nUpdated package for Slackware 10.2:\nftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/libpng-1.2.50-i486-1_slack10.2.tgz\n\nUpdated package for Slackware 11.0:\nftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/libpng-1.2.50-i486-1_slack11.0.tgz\n\nUpdated package for Slackware 12.0:\nftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/libpng-1.2.50-i486-1_slack12.0.tgz\n\nUpdated package for Slackware 12.1:\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/libpng-1.2.50-i486-1_slack12.1.tgz\n\nUpdated package for Slackware 12.2:\nftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/libpng-1.2.50-i486-1_slack12.2.tgz\n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/libpng-1.2.50-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/libpng-1.2.50-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/libpng-1.4.12-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/libpng-1.4.12-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/libpng-1.4.12-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/libpng-1.4.12-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libpng-1.4.12-i486-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libpng-1.4.12-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 8.1 package:\n284b6e6cbd863a3dcfedeb3f7ada3d13  libpng-1.2.50-i386-1_slack8.1.tgz\n\nSlackware 9.0 package:\n27933d103db0ec5d2e32469e5073d408  libpng-1.2.50-i386-1_slack9.0.tgz\n\nSlackware 9.1 package:\nd7b029366f0f70c218b49101df56cafb  libpng-1.2.50-i486-1_slack9.1.tgz\n\nSlackware 10.0 package:\n3de3405777a72d3a7d72991c4489853e  libpng-1.2.50-i486-1_slack10.0.tgz\n\nSlackware 10.1 package:\ne6d10a03b279b2138cab9383e638b621  libpng-1.2.50-i486-1_slack10.1.tgz\n\nSlackware 10.2 package:\n524e3febb22566c2b3131ca1eee7a385  libpng-1.2.50-i486-1_slack10.2.tgz\n\nSlackware 11.0 package:\n189f441d29495f927143a7c47ec77afb  libpng-1.2.50-i486-1_slack11.0.tgz\n\nSlackware 12.0 package:\n1e21c28ed8dea4db2d4f8cfc00b858d9  libpng-1.2.50-i486-1_slack12.0.tgz\n\nSlackware 12.1 package:\n608b1c9f6426159a60722cd23ece3980  libpng-1.2.50-i486-1_slack12.1.tgz\n\nSlackware 12.2 package:\nb1e9950108aa9d2800d639002e6b77a6  libpng-1.2.50-i486-1_slack12.2.tgz\n\nSlackware 13.0 package:\nae6b82cf5487bdc46422650ba374ff41  libpng-1.2.50-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\n409da0ddfd159dd970cccf1c9dee251b  libpng-1.2.50-x86_64-1_slack13.0.txz\n\nSlackware 13.1 package:\n3462a6eb530d084afcd20837b23d0ac7  libpng-1.4.12-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 package:\nc3058ef9d075ef9083ee7d7a977e6582  libpng-1.4.12-x86_64-1_slack13.1.txz\n\nSlackware 13.37 package:\ne9191494e871534e11ec5020f8e72593  libpng-1.4.12-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 package:\n0fea01d53de95669592e9a037c3dc4b9  libpng-1.4.12-x86_64-1_slack13.37.txz\n\nSlackware -current package:\n29b9148f5beb384e944e34184d24ce59  l/libpng-1.4.12-i486-1.txz\n\nSlackware x86_64 -current package:\n1b546573b17ac7df03773856cc081692  l/libpng-1.4.12-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg libpng-1.4.12-i486-1_slack13.37.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list:                          |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message:                                                     |\n|                                                                        |\n|   unsubscribe slackware-security                                       |\n|                                                                        |\n| You will get a confirmation message back containing instructions to    |\n| complete the process.  Please do not reply to this email address.      |\n+------------------------------------------------------------------------+\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niEYEARECAAYFAlAPVhYACgkQakRjwEAQIjPiGQCfULwZEqcoTlCayAoSYnntgenl\nfqEAn2hCQqztZMMfLufIVoqDRky/os6w\n=m4TX\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-3386"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-004885"
      },
      {
        "db": "BID",
        "id": "49493"
      },
      {
        "db": "VULHUB",
        "id": "VHN-51331"
      },
      {
        "db": "PACKETSTORM",
        "id": "115017"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2011-3386",
        "trust": 2.9
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-004885",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201109-009",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "49493",
        "trust": 0.4
      },
      {
        "db": "VULHUB",
        "id": "VHN-51331",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "115017",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-51331"
      },
      {
        "db": "BID",
        "id": "49493"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-004885"
      },
      {
        "db": "PACKETSTORM",
        "id": "115017"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201109-009"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3386"
      }
    ]
  },
  "id": "VAR-201109-0127",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-51331"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-04-11T22:08:50.486000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.medtronic.com/about-medtronic/index.htm"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-004885"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-3386"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://www.scmagazineus.com/black-hat-insulin-pumps-can-be-hacked/article/209106/"
      },
      {
        "trust": 1.7,
        "url": "http://sixuntilme.com/blog2/2011/08/hacked_jay_radcliffe_insulin_p.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.darkreading.com/security/vulnerabilities/231300312/getting-root-on-the-human-body.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.foxnews.com/scitech/2011/08/04/insulin-pumps-vulnerable-to-hacking/?test=faces"
      },
      {
        "trust": 1.7,
        "url": "http://www.hanselman.com/blog/hackerscankilldiabeticswithinsulinpumpsfromahalfmileawayumnofactsvsjournalisticfearmongering.aspx"
      },
      {
        "trust": 1.7,
        "url": "http://www.informationweek.com/news/security/vulnerabilities/231600265"
      },
      {
        "trust": 1.7,
        "url": "http://www.loop-blog.com/blog_full_post?id=a09c000000dbz3jiar"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69643"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3386"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3386"
      },
      {
        "trust": 0.3,
        "url": "http://www.medtronic.com/about-medtronic/index.htm"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3045"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3386"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3048"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3045"
      },
      {
        "trust": 0.1,
        "url": "http://osuosl.org)"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com/gpg-key"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3386"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3048"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-51331"
      },
      {
        "db": "BID",
        "id": "49493"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-004885"
      },
      {
        "db": "PACKETSTORM",
        "id": "115017"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201109-009"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3386"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-51331"
      },
      {
        "db": "BID",
        "id": "49493"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-004885"
      },
      {
        "db": "PACKETSTORM",
        "id": "115017"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201109-009"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3386"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-09-02T00:00:00",
        "db": "VULHUB",
        "id": "VHN-51331"
      },
      {
        "date": "2011-09-07T00:00:00",
        "db": "BID",
        "id": "49493"
      },
      {
        "date": "2012-03-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-004885"
      },
      {
        "date": "2012-07-25T18:22:22",
        "db": "PACKETSTORM",
        "id": "115017"
      },
      {
        "date": "2011-09-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201109-009"
      },
      {
        "date": "2011-09-02T23:55:05.427000",
        "db": "NVD",
        "id": "CVE-2011-3386"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-08-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-51331"
      },
      {
        "date": "2011-09-07T00:00:00",
        "db": "BID",
        "id": "49493"
      },
      {
        "date": "2012-03-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-004885"
      },
      {
        "date": "2011-09-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201109-009"
      },
      {
        "date": "2025-04-11T00:51:21.963000",
        "db": "NVD",
        "id": "CVE-2011-3386"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201109-009"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Medtronic Paradigm Service disruption in wireless insulin pumps  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-004885"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201109-009"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2011-3386 (GCVE-0-2011-3386)

FKIE_CVE-2011-3386

GSD-2011-3386

GHSA-9W6R-M8W5-8XW6

VAR-201109-0127

upgradepkg libpng-1.4.12-i486-1_slack13.37.txz

Tags

Sightings

Nomenclature