PT-2015-4225 · Mercurial+2 · Mercurial+2

Publicado

2015-03-20

Atualizado

2022-05-14

CVE-2014-9462

CVSS v4.0

9.3

Crítica

Vetor

AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions Mercurial versions prior to 3.2.4

Description The issue allows remote attackers to execute arbitrary commands via a crafted repository name in a clone command. This is related to the validaterepo function in sshpeer.

Recommendations For versions prior to 3.2.4, update to version 3.2.4 or later to resolve the issue. As a temporary workaround, consider restricting the use of the clone command with crafted repository names until a patch is applied.

Exploit

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

ALT-PU-2015-1586

CVE-2014-9462

DLA-237-1

DSA-3257-1

GHSA-3PMW-H7J4-RF54

MGASA-2015-0129

PYSEC-2015-14

SUSE-SU-2015:0817-1

SUSE-SU-2015:0836-1

SUSE-SU-2015_0817-1

SUSE-SU-2015_0836-1

Produtos afetados

Alt Linux

Mercurial

Suse

PT-2015-4225 · Mercurial+2 · Mercurial+2

CVE-2014-9462

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 40