CVE-2012-0804
Published 2012-05-29
Priority P350 · critical · 10 · CVSS 2.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS: 8.40% (94.3th percentile)
Heap-based buffer overflow in the proxy_connect function in src/client.c in CVS 1.11 and 1.12 allows remote HTTP proxy servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTTP response.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cvs | cvs | — | — |
| cvs | cvs | — | — |
| cvs | cvs | >= 0 < 2:1.12.13+real-7 | 2:1.12.13+real-7 |
| cvs | cvs | >= 0 < 2:1.12.13+real-7 | 2:1.12.13+real-7 |
| cvs | cvs | >= 0 < 2:1.12.13+real-7 | 2:1.12.13+real-7 |
| cvs | cvs | >= 0 < 2:1.12.13+real-7 | 2:1.12.13+real-7 |
| debian | cvs | < cvs 2:1.12.13+real-7 (bookworm) | cvs 2:1.12.13+real-7 (bookworm) |
CVSS provenance
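| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| osv | — | 10.0 | CRITICAL | — |
| vendor_debian | — | 10.0 | CRITICAL | — |
| vendor_redhat | — | 10.0 | CRITICAL | — |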
Ubuntu
cvs vulnerability
vendor_ubuntu·2012-02-22
CVE-2012-0804 cvs vulnerability
Title: cvs vulnerability
Summary: cvs could be made to crash or run programs as your login if it connected to
a malicious proxy server.
It was discovered that cvs incorrectly handled certain responses from
proxy servers. If a user were tricked into connecting to a malicious proxy
server, a remote attacker could cause cvs to crash, or possibly execute
arbitrary code.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
cvs: client proxy_connect heap-based buffer overflow
vendor_redhat·2012-02-06·CVSS 10.0
CVE-2012-0804 [CRITICAL] CWE-122 cvs: client proxy_connect heap-based buffer overflow
Heap-based buffer overflow in the proxy_connect function in src/client.c in CVS 1.11 and 1.12 allows remote HTTP proxy servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTTP response.
Package: cvs (Red Hat Enterprise Linux 4) - Not affected
Debian
CVE-2012-0804: cvs - Heap-based buffer overflow in the proxy_connect function in src/client.c in CVS ...
vendor_debian·2012·CVSS 10.0
CVE-2012-0804 [CRITICAL] CVE-2012-0804: cvs - Heap-based buffer overflow in the proxy_connect function in src/client.c in CVS ...
Heap-based buffer overflow in the proxy_connect function in src/client.c in CVS 1.11 and 1.12 allows remote HTTP proxy servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTTP response.
Scope: local
bookworm: resolved (fixed in 2:1.12.13+real-7)
bullseye: resolved (fixed in 2:1.12.13+real-7)
forky: resolved (fixed in 2:1.12.13+real-7)
sid: resolved (fixed in 2:1.12.13+real-7)
trixie: resolved (fixed in 2:1.12.13+real-7)
GHSA
GHSA-fr3c-7j3p-qm6p: Heap-based buffer overflow in the proxy_connect function in src/client
ghsa_unreviewed·2022-05-14
CVE-2012-0804 [HIGH] CWE-119 GHSA-fr3c-7j3p-qm6p: Heap-based buffer overflow in the proxy_connect function in src/client
Heap-based buffer overflow in the proxy_connect function in src/client.c in CVS 1.11 and 1.12 allows remote HTTP proxy servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTTP response.
OSV
CVE-2012-0804: Heap-based buffer overflow in the proxy_connect function in src/client
osv·2012-05-29·CVSS 10.0
CVE-2012-0804 [CRITICAL] CVE-2012-0804: Heap-based buffer overflow in the proxy_connect function in src/client
Heap-based buffer overflow in the proxy_connect function in src/client.c in CVS 1.11 and 1.12 allows remote HTTP proxy servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTTP response.
No detection rules found.
Bugzilla
CVE-2012-0804 cvs: client proxy_connect heap-based buffer overflow [fedora-all]
bugzilla·2012-02-06·CVSS 10.0
CVE-2012-0804 [CRITICAL] CVE-2012-0804 cvs: client proxy_connect heap-based buffer overflow [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include this bug ID and the
bug IDs of this bug's parent bugs filed against the "Security Response"
product (the top-level CVE bugs). Please mention the CVE IDs being fixed
in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=secu
Bugzilla
CVE-2012-0804 cvs: client proxy_connect heap-based buffer overflow
bugzilla·2012-01-23·CVSS 10.0
CVE-2012-0804 [CRITICAL] CVE-2012-0804 cvs: client proxy_connect heap-based buffer overflow
When correcting a crash in CVS [1] it was found that the CVS client suffers from a flaw that causes a heap overflow. If certain conditions are met, glibc SIGABRTs the process because glibc memory management structures become corrupted. The flaw is in the proxy_connect() function (src/client.c), where sscanf() copies the first word from read_buf to write_buf without checking if there is enough space in write_buf.
This could allow a malicious HTTP proxy server to cause a denial of service to CVS clients or, possibly, execute arbitrary code on the client system with the privileges of the user running cvs, by sending a malicious HTTP response code to the connecting client.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=77369
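The flaw described in the Bugzilla report above, as an added C example (not code from CVS or from the report): the unbounded `%s` conversion appears only in a comment, next to two bounded ways to read a proxy status line. The function names, the 16-byte buffer and the sample lines are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed size for illustration; the page does not give write_buf's real size. */
#define WORD_BUF 16

/* Pattern the report describes, shown as a comment only (exact CVS source is not on the page):
 *     sscanf(read_buf, "%s %d", write_buf, &code);
 * "%s" carries no field width, so a long first word from the proxy runs past write_buf. */

/* Option 1: only the status code is needed, so never store the first word. */
int proxy_status_discard(const char *line)
{
    int code;
    /* "%*s" skips the word without assigning it; one conversion (the code) is counted. */
    if (sscanf(line, "%*s %d", &code) != 1 || code < 100 || code > 599)
        return -1;
    return code;
}

/* Option 2: keep the first word, but bound the copy and reject oversize input
 * instead of silently truncating it. */
int proxy_status_bounded(const char *line, char word[WORD_BUF])
{
    int code;
    size_t first = strcspn(line, " \t\r\n");      /* length of the first word */
    if (first == 0 || first >= WORD_BUF)
        return -1;
    /* Field width 15 = WORD_BUF - 1 leaves room for the terminating NUL. */
    if (sscanf(line, "%15s %d", word, &code) != 2 || code < 100 || code > 599)
        return -1;
    return code;
}

int main(void)
{
    char word[WORD_BUF];
    char hostile[128];
    /* Constructed inputs: a normal proxy reply and one with a 100-byte first word. */
    memset(hostile, 'A', 100);
    strcpy(hostile + 100, " 200 OK\r\n");
    printf("%d\n", proxy_status_bounded("HTTP/1.0 200 Connection established\r\n", word));
    printf("%d\n", proxy_status_bounded(hostile, word));
    printf("%d\n", proxy_status_discard(hostile));
    return 0;
}
```

Building with `-D_FORTIFY_SOURCE=2` or AddressSanitizer helps catch remaining unbounded copies of this kind during testing.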
http://lists.opensuse.org/opensuse-updates/2012-02/msg00064.html
http://rhn.redhat.com/errata/RHSA-2012-0321.html
http://secunia.com/advisories/47869
http://secunia.com/advisories/48063
http://secunia.com/advisories/48142
http://secunia.com/advisories/48150
http://ubuntu.com/usn/usn-1371-1
http://www.debian.org/security/2012/dsa-2407
http://www.mandriva.com/security/advisories?name=MDVSA-2012:044
http://www.osvdb.org/78987
http://www.securityfocus.com/bid/51943
http://www.securitytracker.com/id?1026719
https://bugzilla.redhat.com/show_bug.cgi?id=784141
https://exchange.xforce.ibmcloud.com/vulnerabilities/73097
https://security.gentoo.org/glsa/201701-44