CVE-2012-0804

CWE-119 — Buffer Overflow CWE-122 — Heap-based Buffer Overflow10 documents9 sources

Severity

10.0CRITICAL

EPSS

2.5%

top 14.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

CVS CVS

Timeline

PublishedMay 29

Latest updateMay 14

Description

Heap-based buffer overflow in the proxy_connect function in src/client.c in CVS 1.11 and 1.12 allows remote HTTP proxy servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTTP response.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

▶Debiancvs< 2:1.12.13+real-7+3

▶NVDcvs/cvs1.11, 1.12+1

🔴Vulnerability Details

GHSA

GHSA-fr3c-7j3p-qm6p: Heap-based buffer overflow in the proxy_connect function in src/client↗2022-05-14

▶

OSV

CVE-2012-0804: Heap-based buffer overflow in the proxy_connect function in src/client↗2012-05-29

▶

CVEList

CVE-2012-0804: Heap-based buffer overflow in the proxy_connect function in src/client↗2012-05-29

▶

💥Exploits & PoCs

Exploit-DB

Novell Groupwise Client 8.0 - Multiple Remote Code Execution Vulnerabilities↗2013-01-31

▶

📋Vendor Advisories

Ubuntu

cvs vulnerability↗2012-02-22

▶

Red Hat

cvs: client proxy_connect heap-based buffer overflow↗2012-02-06

▶

Debian

CVE-2012-0804: cvs - Heap-based buffer overflow in the proxy_connect function in src/client.c in CVS ...↗2012

▶

💬Community

Bugzilla

CVE-2012-0804 cvs: client proxy_connect heap-based buffer overflow [fedora-all]↗2012-02-06

▶

Bugzilla

CVE-2012-0804 cvs: client proxy_connect heap-based buffer overflow↗2012-01-23

▶