Your submission was sent successfully! Close

CVE-2012-0804

Published: 9 February 2012

Heap-based buffer overflow in the proxy_connect function in src/client.c in CVS 1.11 and 1.12 allows remote HTTP proxy servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTTP response.

Notes

AuthorNote
mdeslaur
DSA-2407-1
Priority

Medium

Status

Package Release Status
cvs
Launchpad, Ubuntu, Debian
hardy Ignored
(reached end-of-life)
lucid
Released (1:1.12.13-12ubuntu1.10.04.1)
maverick
Released (1:1.12.13-12ubuntu1.10.10.1)
natty
Released (1:1.12.13-12ubuntu1.11.04.1)
oneiric
Released (2:1.12.13+real-6ubuntu0.1)
upstream
Released (2:1.12.13+real-7)