CVE-2012-0804: Buffer Overflow
Heap-based buffer overflow in the proxyconnect function in src/client.c in CVS 1.11 and 1.12 allows remote HTTP proxy servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTTP response.
Other sources
When correcting a crash in CVS [1] it was found that the CVS client suffers from a flaw that causes a heap overflow. If certain conditions are met, glibc SIGABRTs the process because glibc memory management structures become corrupted. The flaw is in the proxyconnect() function (src/client.c), where sscanf() copies the first word from readbuf to writebuf without checking if there is enough space in writebuf.
This could allow a malicious HTTP proxy server to cause a denial of service to CVS clients or, possibly, execute arbitrary code on the client system with the privileges of the user running cvs, by sending a malicious HTTP response code to the connecting client.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=773699
— Red Hat
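The bug class described above, shown as an added example rather than the CVS source: an unbounded `%s` conversion next to a width-limited parse of a proxy status line. The names `parse_proxy_status` and `PROTO_MAX`, the 15-byte token limit, and the sample input are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define PROTO_MAX 15            /* assumed limit; "HTTP/1.1" is 8 bytes */
#define STR2(x) #x
#define STR(x) STR2(x)

/* Pattern the advisory describes (illustrative, not the CVS source):
 *     sscanf(read_buf, "%s %d", write_buf, &code);
 * "%s" carries no field width, so the first word of the proxy's reply is
 * copied in full no matter how small write_buf is. */

/* Hardened parse of a status line such as "HTTP/1.0 200 OK".
 * Returns 0 and stores the status code, or -1 on malformed/oversized input. */
int parse_proxy_status(const char *line, int *code)
{
    char proto[PROTO_MAX + 1];
    int n = 0, m = 0, c = 0;

    /* The width bounds the copy; %n records how many bytes were consumed. */
    if (sscanf(line, "%" STR(PROTO_MAX) "s%n", proto, &n) != 1)
        return -1;
    /* A token cut short by the width is followed by more token bytes,
     * not a space: reject it instead of parsing the leftover as a code. */
    if (line[n] != ' ' || strncmp(proto, "HTTP/", 5) != 0)
        return -1;
    if (sscanf(line + n, " %3d%n", &c, &m) != 1 || c < 100 || c > 599)
        return -1;
    /* The code must end at a separator, so "2000" is not read as 200. */
    char end = line[n + m];
    if (end != ' ' && end != '\r' && end != '\n' && end != '\0')
        return -1;
    *code = c;
    return 0;
}

int main(void)
{
    int code = 0;
    const char *sample = "HTTP/1.0 200 OK\r\n";   /* constructed input */
    int rc = parse_proxy_status(sample, &code);
    printf("rc=%d code=%d\n", rc, code);
    return rc;
}
```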
Frequently Asked Questions
What is the severity of CVE-2012-0804?
CVE-2012-0804 is classified as a high severity vulnerability due to the potential for denial of service and arbitrary code execution.
How do I fix CVE-2012-0804?
To remediate CVE-2012-0804, upgrade to CVS version 1.11.23 or 1.12.13, which contain the necessary patches.
What software is affected by CVE-2012-0804?
CVE-2012-0804 affects CVS versions 1.11 and 1.12 specifically.
What type of vulnerability is CVE-2012-0804?
CVE-2012-0804 is a heap-based buffer overflow vulnerability.
Can CVE-2012-0804 be exploited remotely?
Yes, CVE-2012-0804 can be exploited remotely: a malicious HTTP proxy server can send a crafted HTTP response to a CVS client that connects through it.