REDHAT-BUG-784141: Medium severity CVS client vulnerability
When correcting a crash in CVS [1], it was found that the CVS client suffers from a flaw that causes a heap overflow. If certain conditions are met, glibc aborts the process with SIGABRT because its memory management structures become corrupted. The flaw is in the proxy_connect() function (src/client.c), where sscanf() copies the first word from readbuf to writebuf without checking whether there is enough space in writebuf.
This could allow a malicious HTTP proxy server to cause a denial of service to CVS clients or, possibly, execute arbitrary code on the client system with the privileges of the user running cvs, by sending a malicious HTTP response code to the connecting client.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=773699
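An added illustration of the flaw class described above, with one bounded alternative. This is not the CVS source or the upstream patch; the function name, buffer sizes and sample responses are constructed for the example.

```c
#include <stdio.h>
#include <string.h>

/* Unsafe pattern of the kind the report describes (illustrative only):
 *     sscanf(readbuf, "%s %d", writebuf, &code);
 * "%s" carries no field width, so a first word longer than writebuf
 * is written past the end of the heap allocation. */

/* Bounded parse of a proxy status line such as "HTTP/1.0 200 ...".
 * Hypothetical helper: returns 0 on success, -1 if the line is malformed
 * or its first word does not fit in the destination buffer. */
int parse_proxy_status(const char *readbuf, char *writebuf,
                       size_t writebuf_size, int *code)
{
    static const char ws[] = " \t\r\n\v\f";
    char fmt[32];
    size_t word_len;

    if (!readbuf || !writebuf || !code || writebuf_size < 2)
        return -1;

    /* Measure the first whitespace-delimited word before copying it. */
    readbuf += strspn(readbuf, ws);
    word_len = strcspn(readbuf, ws);
    if (word_len == 0 || word_len >= writebuf_size)
        return -1;              /* reject instead of silently truncating */

    /* Field width = size - 1 keeps room for the terminating NUL. */
    snprintf(fmt, sizeof fmt, "%%%zus %%d", writebuf_size - 1);
    if (sscanf(readbuf, fmt, writebuf, code) != 2)
        return -1;
    if (*code < 100 || *code > 599)
        return -1;              /* not a plausible HTTP status code */
    return 0;
}

int main(void)
{
    char word[16];
    int code = 0;
    /* Constructed responses: one well-formed, one with an oversized word. */
    const char *ok = "HTTP/1.0 200 Connection established\r\n";
    const char *bad = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 200\r\n";

    printf("ok:  %d\n", parse_proxy_status(ok, word, sizeof word, &code));
    printf("bad: %d\n", parse_proxy_status(bad, word, sizeof word, &code));
    return 0;
}
```
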
Frequently Asked Questions
What is the severity of REDHAT-BUG-784141?
The severity of REDHAT-BUG-784141 is considered critical due to the potential for heap overflow and memory corruption.
How do I fix REDHAT-BUG-784141?
To fix REDHAT-BUG-784141, update the CVS client to the latest version that addresses the vulnerability.
What causes the flaw in REDHAT-BUG-784141?
The flaw in REDHAT-BUG-784141 is caused by a heap overflow in the proxy_connect() function of the CVS client.
What are the consequences of REDHAT-BUG-784141 if exploited?
If exploited, REDHAT-BUG-784141 can lead to application crashes due to corrupted glibc memory management structures.
Which software is affected by REDHAT-BUG-784141?
REDHAT-BUG-784141 specifically affects the CVS client software.