Lucene search

[email protected]CVE-2012-0804

HistoryMay 29, 2012 - 8:55 p.m.

CVE-2012-0804

2012-05-2920:55:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2012-0804

buffer overflow

denial of service

remote code execution

cvs 1.11

cvs 1.12

nvd

7.6 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.007 Low

EPSS

Percentile

80.8%

JSON

Heap-based buffer overflow in the proxy_connect function in src/client.c in CVS 1.11 and 1.12 allows remote HTTP proxy servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTTP response.

CPENameOperatorVersion
cvs:cvscvseq1.11
cvs:cvscvseq1.12

CPE	Name	Operator	Version
cvs:cvs	cvs	eq	1.11
cvs:cvs	cvs	eq	1.12

References

lists.opensuse.org/opensuse-updates/2012-02/msg00064.html

rhn.redhat.com/errata/RHSA-2012-0321.html

secunia.com/advisories/47869

secunia.com/advisories/48063

secunia.com/advisories/48142

secunia.com/advisories/48150

ubuntu.com/usn/usn-1371-1

www.debian.org/security/2012/dsa-2407

www.mandriva.com/security/advisories?name=MDVSA-2012:044

www.osvdb.org/78987

www.securityfocus.com/bid/51943

www.securitytracker.com/id?1026719

bugzilla.redhat.com/show_bug.cgi?id=784141

exchange.xforce.ibmcloud.com/vulnerabilities/73097

security.gentoo.org/glsa/201701-44

7.6 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.007 Low

EPSS

Percentile

80.8%

JSON

Related for CVE-2012-0804

nessus16 veracode1 redhat1 openvas17 amazon1 gentoo1 debiancve1 fedora2 centos1 ubuntucve1 securityvulns2 osv1 alpinelinux1 prion1 oraclelinux1 debian1 ubuntu1