CVS.Malformed.Entry.Modified.Heap.Overflow

Description

This indicates an attempt to exploit a vulnerability in Concurrent Versions System (CVS) servers. The issue exists due to insufficient boundary checks performed by the application. A remote attacker can cause a heap overflow in the code that decides whether a CVS entry line should get a modified or unchanged flag attached. As a result, the attacker may be able to execute arbitrary code on the system.

Affected Products

CVS version 1.12.7 and earlier.

Impact

System compromise, remote code execution.

Recommended Actions

Update to CVS version 1.12. or newer.

Coverage

IPS (Regular DB)
IPS (Extended DB)
