CyberSec.Space Logo
返回 CVE 浏览器

CVE-2009-1176

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0030%
EPSS Percentile42.91th
Published2009年3月31日
Last Modified2026年4月23日

Vulnerability Description

mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 does not ensure that the string holding the id parameter ends in a '\0' character, which allows remote attackers to conduct buffer-overflow attacks or have unspecified other impact via a long id parameter in a query action.

Affected Platforms (CPE)

📦
Osgeo

Mapserver

= 4.2.0
📦
Osgeo

Mapserver

= 4.4.0
📦
Osgeo

Mapserver

= 4.4.0
📦
Osgeo

Mapserver

= 4.4.0
📦
Osgeo

Mapserver

= 4.4.0
📦
Osgeo

Mapserver

= 4.6.0
📦
Osgeo

Mapserver

= 4.6.0
📦
Osgeo

Mapserver

= 4.6.0
📦
Osgeo

Mapserver

= 4.6.0
📦
Osgeo

Mapserver

= 4.6.0
📦
Osgeo

Mapserver

= 4.8.0
📦
Osgeo

Mapserver

= 4.8.0
📦
Osgeo

Mapserver

= 4.8.0
📦
Osgeo

Mapserver

= 4.8.0
📦
Osgeo

Mapserver

= 4.8.0
📦
Osgeo

Mapserver

= 4.10.0
📦
Osgeo

Mapserver

= 4.10.0
📦
Osgeo

Mapserver

= 4.10.0
📦
Osgeo

Mapserver

= 4.10.0
📦
Osgeo

Mapserver

= 4.10.0
📦
Osgeo

Mapserver

= 4.10.1
📦
Osgeo

Mapserver

= 4.10.2
📦
Osgeo

Mapserver

= 4.10.3
📦
Osgeo

Mapserver

= 5.0.0
📦
Osgeo

Mapserver

= 5.0.0
📦
Osgeo

Mapserver

= 5.0.0
📦
Osgeo

Mapserver

= 5.0.0
📦
Osgeo

Mapserver

= 5.0.0
📦
Osgeo

Mapserver

= 5.0.0
📦
Osgeo

Mapserver

= 5.0.0
📦
Osgeo

Mapserver

= 5.0.0
📦
Osgeo

Mapserver

= 5.0.0
📦
Osgeo

Mapserver

= 5.2.0
📦
Osgeo

Mapserver

= 5.2.0
📦
Osgeo

Mapserver

= 5.2.0
📦
Osgeo

Mapserver

= 5.2.0
📦
Osgeo

Mapserver

= 5.2.0
📦
Osgeo

Mapserver

= 5.2.0
📦
Osgeo

Mapserver

= 5.2.1
📦
Umn

Mapserver

= 4.0
📦
Umn

Mapserver

= 4.0
📦
Umn

Mapserver

= 4.0

References & Advisories

🔗 http://lists.osgeo.org/pipermail/mapserver-users/2009-March/060600.html
🔗 http://secunia.com/advisories/34603
🔗 http://www.positronsecurity.com/advisories/2009-000.html
🔗 http://www.securityfocus.com/archive/1/502271/100/0/threaded
🔗 http://www.securityfocus.com/bid/34306
🔗 http://www.securitytracker.com/id?1021952
🔗 https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00147.html
🔗 https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00170.html

相关漏洞威胁

CVE-2009-084010.0

Heap-based buffer underflow in the readPostBody function in cgiutil.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2...

CVE-2009-083910.0

Stack-based buffer overflow in mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2, when the server has a map...

CVE-2009-084110.0

Directory traversal vulnerability in mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2, when running on Win...

CVE-2009-117710.0

Multiple stack-based buffer overflows in maptemplate.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 have unknown...