CVE-2010-3846

Name of the Vulnerable Software and Affected Versions CVS version 1.11.23

Description The issue is related to an array index error in the apply rcs change function, located in the rcs.c file. This error can be exploited by local users to gain privileges through a specially crafted RCS file that contains delta fragment changes. These changes trigger a heap-based buffer overflow.

Recommendations For CVS version 1.11.23, consider restricting access to the apply rcs change function in the rcs.c file until a patch is available. As a temporary workaround, avoid using RCS files that contain crafted delta fragment changes to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.