CVE-2011-2704 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Mapserver

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents5 sources

Severity

7.5HIGHNVD

EPSS

7.6%

top 8.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Osgeo Mapserver Debian Mapserver UMN Mapserver

Timeline

PublishedAug 1

Latest updateMay 13

Description

Stack-based buffer overflow in MapServer before 4.10.7 and 5.x before 5.6.7 allows remote attackers to execute arbitrary code via vectors related to OGC filter encoding.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages4 packages

▶debiandebian/mapserver< mapserver 6.0.1-1 (bookworm)

▶Debianosgeo/mapserver< 6.0.1-1+3

▶NVDosgeo/mapserver4.10.6+19

▶NVDumn/mapserver5 versions+4

Patches

Patch: lists.osgeo.org ↗Patch: trac.osgeo.org ↗Patch: www.openwall.com ↗

🔴Vulnerability Details

GHSA

GHSA-5p55-9x25-v5f2: Stack-based buffer overflow in MapServer before 4↗2022-05-13

▶

OSV

CVE-2011-2704: Stack-based buffer overflow in MapServer before 4↗2011-08-01

▶

📋Vendor Advisories

Debian

CVE-2011-2704: mapserver - Stack-based buffer overflow in MapServer before 4.10.7 and 5.x before 5.6.7 allo...↗2011

▶

💬Community

Bugzilla

CVE-2011-2703 CVE-2011-2704 CVE-2011-2975 MapServer (v6.0.1, v5.6.7 and v4.10.7): Multiple SQL injections and one (stack-based) buffer overflow flaw↗2011-07-19

▶