CyberSec.Space Logo
Back to CVE Browser

CVE-2012-0804

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1930%
EPSS Percentile2.58th
PublishedMay 29, 2012
Last ModifiedApr 29, 2026

Vulnerability Description

Heap-based buffer overflow in the proxy_connect function in src/client.c in CVS 1.11 and 1.12 allows remote HTTP proxy servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTTP response.

Affected Platforms (CPE)

πŸ“¦
Cvs

Cvs

= 1.11
πŸ“¦
Cvs

Cvs

= 1.12

References & Advisories

πŸ”— http://lists.opensuse.org/opensuse-updates/2012-02/msg00064.html
πŸ”— http://rhn.redhat.com/errata/RHSA-2012-0321.html
πŸ”— http://secunia.com/advisories/47869
πŸ”— http://secunia.com/advisories/48063
πŸ”— http://secunia.com/advisories/48142
πŸ”— http://secunia.com/advisories/48150
πŸ”— http://ubuntu.com/usn/usn-1371-1
πŸ”— http://www.debian.org/security/2012/dsa-2407

Related Vulnerabilities

CVE-2004-041810.0

serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow ...

CVE-2004-041410.0

CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed "Entry" lines, which prevents a NULL ter...

CVE-2004-041610.0

Double free vulnerability for the error_prog_name string in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remot...

CVE-2019-45219.8

Platform System Manager in IBM Cloud Pak System 2.3 is potentially vulnerable to CVS Injection. A remote attacker could execute ar...