CVE-2012-0804

Published: 29/05/2012 Updated: 13/02/2023
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Heap-based buffer overflow in the proxy_connect function in src/client.c in CVS 1.11 and 1.12 allows remote HTTP proxy servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTTP response.

Vulnerable Product

cvs cvs 1.11

cvs cvs 1.12

Vendor Advisories

Synopsis: Moderate: cvs security update. Type/Severity: Security Advisory: Moderate. Topic: Updated cvs packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Sco ...
cvs could be made to crash or run programs as your login if it connected to a malicious proxy server ...
It was discovered that a malicious CVS server could cause a heap overflow in the CVS client, potentially allowing the server to execute arbitrary code on the client. For the stable distribution (squeeze), this problem has been fixed in version 1:11213-12+squeeze1. For the unstable distribution (sid), this problem has been fixed in version 2:112 ...
A heap-based buffer overflow flaw was found in the way the CVS client handled responses from HTTP proxies. A malicious HTTP proxy could use this flaw to cause the CVS client to crash or, possibly, execute arbitrary code with the privileges of the user running the CVS client (CVE-2012-0804) ...