CyberSec.Space Logo
CVEブラウザに戻る

CVE-2017-1000116

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1850%
EPSS Percentile25.37th
Published2017年10月5日
Last Modified2026年5月13日

Vulnerability Description

Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks.

Affected Platforms (CPE)

📦
Mercurial

Mercurial

< 4.3
💻
Debian

Debian Linux

= 8.0
💻
Debian

Debian Linux

= 9.0
💻
Redhat

Enterprise Linux Desktop

= 7.0
💻
Redhat

Enterprise Linux Server

= 7.0
💻
Redhat

Enterprise Linux Server Aus

= 7.4
💻
Redhat

Enterprise Linux Server Aus

= 7.6
💻
Redhat

Enterprise Linux Server Eus

= 7.4
💻
Redhat

Enterprise Linux Server Eus

= 7.5
💻
Redhat

Enterprise Linux Server Eus

= 7.6
💻
Redhat

Enterprise Linux Server Tus

= 7.4
💻
Redhat

Enterprise Linux Server Tus

= 7.6
💻
Redhat

Enterprise Linux Workstation

= 7.0

References & Advisories

🔗 http://www.debian.org/security/2017/dsa-3963
🔗 http://www.securityfocus.com/bid/100290
🔗 https://access.redhat.com/errata/RHSA-2017:2489
🔗 https://security.gentoo.org/glsa/201709-18
🔗 https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.3_.2F_4.3.1_.282017-08-10.29
🔗 http://www.debian.org/security/2017/dsa-3963
🔗 http://www.securityfocus.com/bid/100290
🔗 https://access.redhat.com/errata/RHSA-2017:2489

関連する脆弱性情報

CVE-2007-044610.0

Stack-based buffer overflow in magentproc.exe for Hewlett-Packard Mercury LoadRunner Agent 8.0 and 8.1, Performance Center Agent 8...

CVE-2007-137310.0

Stack-based buffer overflow in Mercury/32 (aka Mercury Mail Transport System) 4.01b and earlier allows remote attackers to execute...

CVE-2004-251310.0

Buffer overflow in the IMAP service of Mercury (Pegasus) Mail 4.01 allows remote attackers to execute arbitrary code via a long SE...

CVE-2018-133859.8

There was an argument injection vulnerability in Sourcetree for macOS via filenames in Mercurial repositories. An attacker with pe...