CVS.Malformed.Entry.Modified.Heap.Overflow
Description
This indicates an attempt to exploit a vulnerability in Concurrent Versions System (CVS) servers. This issue exists due to insufficient boundary checks performed by the application. A remote attacker can cause a heap overflow in the code that decides if a CVS entry line should get a modified or unchanged flag attached. As a result the attacker may be able to execute arbitrary code on the system.
Affected Products
CVS version 1.12.7 and earlier.
Impact
System compromise, remote code execution.
Recommended Actions
Update to CVS version 1.12. or newer.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |