CyberSec.Space Logo
Back to CVE Browser

CVE-2009-1176

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0030%
EPSS Percentile42.91th
PublishedMar 31, 2009
Last ModifiedApr 23, 2026

Vulnerability Description

mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 does not ensure that the string holding the id parameter ends in a '\0' character, which allows remote attackers to conduct buffer-overflow attacks or have unspecified other impact via a long id parameter in a query action.

Affected Platforms (CPE)

πŸ“¦
Osgeo

Mapserver

= 4.2.0
πŸ“¦
Osgeo

Mapserver

= 4.4.0
πŸ“¦
Osgeo

Mapserver

= 4.4.0
πŸ“¦
Osgeo

Mapserver

= 4.4.0
πŸ“¦
Osgeo

Mapserver

= 4.4.0
πŸ“¦
Osgeo

Mapserver

= 4.6.0
πŸ“¦
Osgeo

Mapserver

= 4.6.0
πŸ“¦
Osgeo

Mapserver

= 4.6.0
πŸ“¦
Osgeo

Mapserver

= 4.6.0
πŸ“¦
Osgeo

Mapserver

= 4.6.0
πŸ“¦
Osgeo

Mapserver

= 4.8.0
πŸ“¦
Osgeo

Mapserver

= 4.8.0
πŸ“¦
Osgeo

Mapserver

= 4.8.0
πŸ“¦
Osgeo

Mapserver

= 4.8.0
πŸ“¦
Osgeo

Mapserver

= 4.8.0
πŸ“¦
Osgeo

Mapserver

= 4.10.0
πŸ“¦
Osgeo

Mapserver

= 4.10.0
πŸ“¦
Osgeo

Mapserver

= 4.10.0
πŸ“¦
Osgeo

Mapserver

= 4.10.0
πŸ“¦
Osgeo

Mapserver

= 4.10.0
πŸ“¦
Osgeo

Mapserver

= 4.10.1
πŸ“¦
Osgeo

Mapserver

= 4.10.2
πŸ“¦
Osgeo

Mapserver

= 4.10.3
πŸ“¦
Osgeo

Mapserver

= 5.0.0
πŸ“¦
Osgeo

Mapserver

= 5.0.0
πŸ“¦
Osgeo

Mapserver

= 5.0.0
πŸ“¦
Osgeo

Mapserver

= 5.0.0
πŸ“¦
Osgeo

Mapserver

= 5.0.0
πŸ“¦
Osgeo

Mapserver

= 5.0.0
πŸ“¦
Osgeo

Mapserver

= 5.0.0
πŸ“¦
Osgeo

Mapserver

= 5.0.0
πŸ“¦
Osgeo

Mapserver

= 5.0.0
πŸ“¦
Osgeo

Mapserver

= 5.2.0
πŸ“¦
Osgeo

Mapserver

= 5.2.0
πŸ“¦
Osgeo

Mapserver

= 5.2.0
πŸ“¦
Osgeo

Mapserver

= 5.2.0
πŸ“¦
Osgeo

Mapserver

= 5.2.0
πŸ“¦
Osgeo

Mapserver

= 5.2.0
πŸ“¦
Osgeo

Mapserver

= 5.2.1
πŸ“¦
Umn

Mapserver

= 4.0
πŸ“¦
Umn

Mapserver

= 4.0
πŸ“¦
Umn

Mapserver

= 4.0

References & Advisories

πŸ”— http://lists.osgeo.org/pipermail/mapserver-users/2009-March/060600.html
πŸ”— http://secunia.com/advisories/34603
πŸ”— http://www.positronsecurity.com/advisories/2009-000.html
πŸ”— http://www.securityfocus.com/archive/1/502271/100/0/threaded
πŸ”— http://www.securityfocus.com/bid/34306
πŸ”— http://www.securitytracker.com/id?1021952
πŸ”— https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00147.html
πŸ”— https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00170.html

Related Vulnerabilities

CVE-2009-084010.0

Heap-based buffer underflow in the readPostBody function in cgiutil.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2...

CVE-2009-083910.0

Stack-based buffer overflow in mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2, when the server has a map...

CVE-2009-084110.0

Directory traversal vulnerability in mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2, when running on Win...

CVE-2009-117710.0

Multiple stack-based buffer overflows in maptemplate.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 have unknown...