CVS.Entry.Line.Flag.Remote.Heap.Overflow
Description
This indicates an attempt to exploit a vulnerability in Concurrent Versions System (CVS) servers.
The issue exists due to insufficient boundary checks by the application. A remote attacker can cause a heap overflow in the code that decides if a CVS entry line should have a "modified" or "unchanged" flag set. As a result the attacker may be able to execute arbitrary code on the system.
Affected Products
CVS version 1.12.7 and earlier.
Impact
System compromise: Remote code execution.
Recommended Actions
Update to CVS version 1.12. or newer.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |