CVE-2010-3846
Published 2010-11-05
Priority: P4 · 24 · medium · 6.9 · CVSS 2.0
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
EPSS: 0.39% (31.0th percentile)
Array index error in the apply_rcs_change function in rcs.c in CVS 1.11.23 allows local users to gain privileges via an RCS file containing crafted delta fragment changes that trigger a heap-based buffer overflow.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cvs | cvs | >= 0 < 1.12.12-r0 | 1.12.12-r0 |
| debian | cvs | — | — |
| nongnu | cvs | — | — |
CVSS provenance
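| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 6.9 | MEDIUM | AV:L/AC:M/Au:N/C:C/I:C/A:C |
| osv | — | 6.9 | MEDIUM | — |
| vendor_debian | — | 6.9 | LOW | — |
| vendor_redhat | — | 6.9 | MEDIUM | — |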
Red Hat
cvs: Heap-based buffer overflow by applying RCS file changes
vendor_redhat·2010-10-21·CVSS 6.9
CVE-2010-3846 [MEDIUM] CWE-122 cvs: Heap-based buffer overflow by applying RCS file changes
Package: cvs (Red Hat Enterprise Linux 4) - Not affected
Package: cvs (Red Hat Enterprise Linux 5) - Not affected
Debian
CVE-2010-3846: cvs - Array index error in the apply_rcs_change function in rcs.c in CVS 1.11.23 allow...
vendor_debian·2010·CVSS 6.9
CVE-2010-3846 [MEDIUM] CVE-2010-3846: cvs - Array index error in the apply_rcs_change function in rcs.c in CVS 1.11.23 allow...
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
GHSA
GHSA-xxxv-8qg4-6qv9: Array index error in the apply_rcs_change function in rcs
ghsa_unreviewed·2022-05-17
CVE-2010-3846 [MEDIUM] CWE-119 GHSA-xxxv-8qg4-6qv9: Array index error in the apply_rcs_change function in rcs
OSV
CVE-2010-3846: Array index error in the apply_rcs_change function in rcs
osv·2010-11-05·CVSS 6.9
CVE-2010-3846 [MEDIUM] CVE-2010-3846: Array index error in the apply_rcs_change function in rcs
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2010-3846 cvs: Heap-based buffer overflow by applying RCS file changes [fedora-all]
bugzilla·2010-10-21·CVSS 6.9
CVE-2010-3846 [MEDIUM] CVE-2010-3846 cvs: Heap-based buffer overflow by applying RCS file changes [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the
respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=642146
Please note: this issue aff
Bugzilla
CVE-2010-3846 cvs: Heap-based buffer overflow by applying RCS file changes
bugzilla·2010-10-12·CVSS 6.9
CVE-2010-3846 [MEDIUM] CVE-2010-3846 cvs: Heap-based buffer overflow by applying RCS file changes
An array index error, leading to a heap-based buffer overflow, was found
in the way the CVS version control system applied certain delta fragment
changes from an input file in the RCS (Revision Control System) file
format. A local attacker, with access to the system controlling the
repository, could store a specially-crafted RCS file into the CVS
repository and trick the remote user to checkout (update their
CVS repository tree) with this file, which could lead to arbitrary code
execution with the privileges of the CVS server process on the
system hosting the CVS repository.
References:
[1] http://www.gnu.org/software/rcs/
Upstream changeset:
[2] http://cvs.savannah.gnu.org/viewvc/cvs/ccvs/src/rcs.c?r1=1.262.4.65&r2=1.262
http://cvs.savannah.gnu.org/viewvc/cvs/ccvs/src/rcs.c?r1=1.262.4.65&r2=1.262.4.66&sortby=rev
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050212.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050287.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050090.html
http://secunia.com/advisories/41079
http://secunia.com/advisories/42041
http://secunia.com/advisories/42409
http://www.osvdb.org/68952
http://www.redhat.com/support/errata/RHSA-2010-0918.html
http://www.securityfocus.com/bid/44528
http://www.securitytracker.com/id?1024795
http://www.vupen.com/english/advisories/2010/2845
http://www.vupen.com/english/advisories/2010/2846
http://www.vupen.com/english/advisories/2010/2869
http://www.vupen.com/english/advisories/2010/2899
http://www.vupen.com/english/advisories/2010/3080
https://bugzilla.redhat.com/show_bug.cgi?id=642146
https://exchange.xforce.ibmcloud.com/vulnerabilities/62858