CyberSec.Space Logo
CVEブラウザに戻る

CVE-2012-0804

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1930%
EPSS Percentile2.58th
Published2012年5月29日
Last Modified2026年4月29日

Vulnerability Description

Heap-based buffer overflow in the proxy_connect function in src/client.c in CVS 1.11 and 1.12 allows remote HTTP proxy servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTTP response.

Affected Platforms (CPE)

📦
Cvs

Cvs

= 1.11
📦
Cvs

Cvs

= 1.12

References & Advisories

🔗 http://lists.opensuse.org/opensuse-updates/2012-02/msg00064.html
🔗 http://rhn.redhat.com/errata/RHSA-2012-0321.html
🔗 http://secunia.com/advisories/47869
🔗 http://secunia.com/advisories/48063
🔗 http://secunia.com/advisories/48142
🔗 http://secunia.com/advisories/48150
🔗 http://ubuntu.com/usn/usn-1371-1
🔗 http://www.debian.org/security/2012/dsa-2407

関連する脆弱性情報

CVE-2004-041810.0

serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow ...

CVE-2004-041410.0

CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed "Entry" lines, which prevents a NULL ter...

CVE-2004-041610.0

Double free vulnerability for the error_prog_name string in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remot...

CVE-2019-45219.8

Platform System Manager in IBM Cloud Pak System 2.3 is potentially vulnerable to CVS Injection. A remote attacker could execute ar...