CVS 1.12.x up to and including 1.12.8, and 1.11.x up to and including 1.11.16, does not properly handle malformed "Entry" lines, which prevents a NULL terminator from being used and may lead to a denial of service (crash), modification of critical program data, or arbitrary code execution.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
cvs cvs 1.11.14 |
||
cvs cvs 1.11.15 |
||
cvs cvs 1.12.1 |
||
cvs cvs 1.12.2 |
||
sgi propack 2.4 |
||
sgi propack 3.0 |
||
cvs cvs 1.11 |
||
cvs cvs 1.11.1 |
||
cvs cvs 1.11.1_p1 |
||
cvs cvs 1.11.3 |
||
cvs cvs 1.11.4 |
||
cvs cvs 1.12.8 |
||
openpkg openpkg |
||
cvs cvs 1.10.7 |
||
cvs cvs 1.10.8 |
||
cvs cvs 1.11.16 |
||
cvs cvs 1.11.2 |
||
cvs cvs 1.12.5 |
||
cvs cvs 1.12.7 |
||
cvs cvs 1.11.10 |
||
cvs cvs 1.11.11 |
||
cvs cvs 1.11.5 |
||
cvs cvs 1.11.6 |
||
openpkg openpkg 1.3 |
||
openpkg openpkg 2.0 |
||
openbsd openbsd 3.4 |
||
openbsd openbsd 3.5 |
||
gentoo linux 1.4 |
||
openbsd openbsd |
Vulmon