CyberSec.Space Logo
Back to CVE Browser

CVE-2017-1000116

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1850%
EPSS Percentile25.37th
PublishedOct 5, 2017
Last ModifiedMay 13, 2026

Vulnerability Description

Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks.

Affected Platforms (CPE)

πŸ“¦
Mercurial

Mercurial

< 4.3
πŸ’»
Debian

Debian Linux

= 8.0
πŸ’»
Debian

Debian Linux

= 9.0
πŸ’»
Redhat

Enterprise Linux Desktop

= 7.0
πŸ’»
Redhat

Enterprise Linux Server

= 7.0
πŸ’»
Redhat

Enterprise Linux Server Aus

= 7.4
πŸ’»
Redhat

Enterprise Linux Server Aus

= 7.6
πŸ’»
Redhat

Enterprise Linux Server Eus

= 7.4
πŸ’»
Redhat

Enterprise Linux Server Eus

= 7.5
πŸ’»
Redhat

Enterprise Linux Server Eus

= 7.6
πŸ’»
Redhat

Enterprise Linux Server Tus

= 7.4
πŸ’»
Redhat

Enterprise Linux Server Tus

= 7.6
πŸ’»
Redhat

Enterprise Linux Workstation

= 7.0

References & Advisories

πŸ”— http://www.debian.org/security/2017/dsa-3963
πŸ”— http://www.securityfocus.com/bid/100290
πŸ”— https://access.redhat.com/errata/RHSA-2017:2489
πŸ”— https://security.gentoo.org/glsa/201709-18
πŸ”— https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.3_.2F_4.3.1_.282017-08-10.29
πŸ”— http://www.debian.org/security/2017/dsa-3963
πŸ”— http://www.securityfocus.com/bid/100290
πŸ”— https://access.redhat.com/errata/RHSA-2017:2489

Related Vulnerabilities

CVE-2007-044610.0

Stack-based buffer overflow in magentproc.exe for Hewlett-Packard Mercury LoadRunner Agent 8.0 and 8.1, Performance Center Agent 8...

CVE-2007-137310.0

Stack-based buffer overflow in Mercury/32 (aka Mercury Mail Transport System) 4.01b and earlier allows remote attackers to execute...

CVE-2004-251310.0

Buffer overflow in the IMAP service of Mercury (Pegasus) Mail 4.01 allows remote attackers to execute arbitrary code via a long SE...

CVE-2018-133859.8

There was an argument injection vulnerability in Sourcetree for macOS via filenames in Mercurial repositories. An attacker with pe...