CVE-2012-0804
NONE EPSS 94.3%
Published May 29, 2012 (14y ago)
Last Modified Jun 16, 2026 (2w ago)
Description
Heap-based buffer overflow in the proxy_connect function in src/client.c in CVS 1.11 and 1.12 allows remote HTTP proxy servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTTP response.
Threat Intelligence
EPSS Exploit Probability
94.3% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer · Memory Safety
Affected Products 2
References 15
- lists.opensuse.org http://lists.opensuse.org/opensuse-updates/2012-02/msg00064.html
- rhn.redhat.com http://rhn.redhat.com/errata/RHSA-2012-0321.html
- secunia.com http://secunia.com/advisories/47869
- secunia.com http://secunia.com/advisories/48063
- secunia.com http://secunia.com/advisories/48142
- secunia.com http://secunia.com/advisories/48150
- ubuntu.com http://ubuntu.com/usn/usn-1371-1
- debian.org http://www.debian.org/security/2012/dsa-2407
- mandriva.com http://www.mandriva.com/security/advisories?name=MDVSA-2012:044
- osvdb.org http://www.osvdb.org/78987
- securityfocus.com http://www.securityfocus.com/bid/51943
- securitytracker.com http://www.securitytracker.com/id?1026719
- bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=784141
- exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/73097
- security.gentoo.org https://security.gentoo.org/glsa/201701-44
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.