Integer overflow in the "Max-dotdot" CVS protocol command (serve_max_dotdot) for CVS 1.12.x up to and including 1.12.8, and 1.11.x up to and including 1.11.16, may allow remote malicious users to cause a server crash, which could cause temporary data to remain undeleted and consume disk space.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
cvs cvs 1.11.1 |
||
cvs cvs 1.11.1_p1 |
||
cvs cvs 1.11.3 |
||
cvs cvs 1.11.4 |
||
openpkg openpkg |
||
openpkg openpkg 1.3 |
||
cvs cvs 1.10.7 |
||
cvs cvs 1.11.14 |
||
cvs cvs 1.11.15 |
||
cvs cvs 1.12.1 |
||
cvs cvs 1.12.2 |
||
sgi propack 3.0 |
||
cvs cvs 1.10.8 |
||
cvs cvs 1.11 |
||
cvs cvs 1.11.16 |
||
cvs cvs 1.11.2 |
||
cvs cvs 1.12.5 |
||
cvs cvs 1.12.7 |
||
cvs cvs 1.12.8 |
||
cvs cvs 1.11.10 |
||
cvs cvs 1.11.11 |
||
cvs cvs 1.11.5 |
||
cvs cvs 1.11.6 |
||
openpkg openpkg 2.0 |
||
sgi propack 2.4 |
||
openbsd openbsd 3.4 |
||
openbsd openbsd 3.5 |
||
gentoo linux 1.4 |
||
openbsd openbsd |
Vulmon