CVE-2009-2281
published 2009-10-23CVE-2009-2281: Multiple heap-based buffer underflows in the readPostBody function in cgiutil.c in mapserv in MapServer 4.x through 4.10.4 and 5.x before 5.4.2 allow remote…
PriorityP346critical10CVSS 2.0
AVNACLAuNCCICAC
EPSS
5.95%
92.4th percentile
Multiple heap-based buffer underflows in the readPostBody function in cgiutil.c in mapserv in MapServer 4.x through 4.10.4 and 5.x before 5.4.2 allow remote attackers to execute arbitrary code via (1) a crafted Content-Length HTTP header or (2) a large HTTP request, related to an integer overflow that triggers a heap-based buffer overflow. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-0840.
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | mapserver | < mapserver 5.4.2-1 (bookworm) | mapserver 5.4.2-1 (bookworm) |
| osgeo | mapserver | — | — |
| osgeo | mapserver | — | — |
| osgeo | mapserver | — | — |
| osgeo | mapserver | — | — |
| osgeo | mapserver | — | — |
| osgeo | mapserver | — | — |
| osgeo | mapserver | — | — |
| osgeo | mapserver | — | — |
| osgeo | mapserver | — | — |
| osgeo | mapserver | — | — |
| osgeo | mapserver | — | — |
| osgeo | mapserver | — | — |
| osgeo | mapserver | — | — |
| osgeo | mapserver | >= 0 < 5.4.2-1 | 5.4.2-1 |
| osgeo | mapserver | >= 0 < 5.4.2-1 | 5.4.2-1 |
| osgeo | mapserver | >= 0 < 5.4.2-1 | 5.4.2-1 |
| osgeo | mapserver | >= 0 < 5.4.2-1 | 5.4.2-1 |
| umn | mapserver | — | — |
CVSS provenance
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
osv10.0CRITICAL
vendor_debian10.0MEDIUM
vendor_redhat10.0CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-6726-5cj2-9h6f: Multiple heap-based buffer underflows in the readPostBody function in cgiutil
ghsa_unreviewed·2022-05-02·CVSS 10.0
CVE-2009-2281 [CRITICAL] CWE-119 GHSA-6726-5cj2-9h6f: Multiple heap-based buffer underflows in the readPostBody function in cgiutil
Multiple heap-based buffer underflows in the readPostBody function in cgiutil.c in mapserv in MapServer 4.x through 4.10.4 and 5.x before 5.4.2 allow remote attackers to execute arbitrary code via (1) a crafted Content-Length HTTP header or (2) a large HTTP request, related to an integer overflow that triggers a heap-based buffer overflow. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-0840.
OSV
CVE-2009-2281: Multiple heap-based buffer underflows in the readPostBody function in cgiutil
osv·2009-10-23·CVSS 10.0
CVE-2009-2281 [CRITICAL] CVE-2009-2281: Multiple heap-based buffer underflows in the readPostBody function in cgiutil
Multiple heap-based buffer underflows in the readPostBody function in cgiutil.c in mapserv in MapServer 4.x through 4.10.4 and 5.x before 5.4.2 allow remote attackers to execute arbitrary code via (1) a crafted Content-Length HTTP header or (2) a large HTTP request, related to an integer overflow that triggers a heap-based buffer overflow. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-0840.
Debian
CVE-2009-2281: mapserver - Multiple heap-based buffer underflows in the readPostBody function in cgiutil.c ...
vendor_debian·2009·CVSS 10.0
CVE-2009-2281 [CRITICAL] CVE-2009-2281: mapserver - Multiple heap-based buffer underflows in the readPostBody function in cgiutil.c ...
Multiple heap-based buffer underflows in the readPostBody function in cgiutil.c in mapserv in MapServer 4.x through 4.10.4 and 5.x before 5.4.2 allow remote attackers to execute arbitrary code via (1) a crafted Content-Length HTTP header or (2) a large HTTP request, related to an integer overflow that triggers a heap-based buffer overflow. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-0840.
Scope: local
bookworm: resolved (fixed in 5.4.2-1)
bullseye: resolved (fixed in 5.4.2-1)
forky: resolved (fixed in 5.4.2-1)
sid: resolved (fixed in 5.4.2-1)
trixie: resolved (fixed in 5.4.2-1)
Red Hat
mapserver: incomplete upstream fix for CVE-2009-0840
vendor_redhat·CVSS 10.0
CVE-2009-2281 [CRITICAL] mapserver: incomplete upstream fix for CVE-2009-0840
mapserver: incomplete upstream fix for CVE-2009-0840
Multiple heap-based buffer underflows in the readPostBody function in cgiutil.c in mapserv in MapServer 4.x through 4.10.4 and 5.x before 5.4.2 allow remote attackers to execute arbitrary code via (1) a crafted Content-Length HTTP header or (2) a large HTTP request, related to an integer overflow that triggers a heap-based buffer overflow. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-0840.
No detection rules found.
No public exploits indexed.
http://security.debian.org/pool/updates/main/m/mapserver/mapserver_4.10.0-5.1+etch4.diff.gzhttp://security.debian.org/pool/updates/main/m/mapserver/mapserver_5.0.3-3+lenny4.diff.gzhttp://trac.osgeo.org/mapserver/browser/tags/rel-5-4-2/mapserver/HISTORY.TXThttp://trac.osgeo.org/mapserver/ticket/2943http://www.debian.org/security/2009/dsa-1914http://www.openwall.com/lists/oss-security/2009/07/01/1http://www.openwall.com/lists/oss-security/2009/07/01/6http://security.debian.org/pool/updates/main/m/mapserver/mapserver_4.10.0-5.1+etch4.diff.gzhttp://security.debian.org/pool/updates/main/m/mapserver/mapserver_5.0.3-3+lenny4.diff.gzhttp://trac.osgeo.org/mapserver/browser/tags/rel-5-4-2/mapserver/HISTORY.TXThttp://trac.osgeo.org/mapserver/ticket/2943http://www.debian.org/security/2009/dsa-1914http://www.openwall.com/lists/oss-security/2009/07/01/1http://www.openwall.com/lists/oss-security/2009/07/01/6
2009-10-23
Published