PT-2012-1022 · Debian+3 · Cvs+3

Vincent Danen · Published 2012-02-21 · Updated 2024-06-15 · CVE-2012-0804

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions
CVS versions 1.11 through 1.12

Description
The issue concerns multiple vulnerabilities in the CVS package of the Debian GNU/Linux operating system, which can be exploited remotely to compromise the confidentiality, integrity, and availability of protected information. Specifically, a heap-based buffer overflow in the proxy connect function in src/client.c can cause a denial of service (crash) and possibly allow the execution of arbitrary code via a crafted HTTP response.

Recommendations
For CVS versions 1.11 through 1.12, consider disabling the proxy connect function as a temporary workaround until a patch is available. Restrict access to the CVS service to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2015-01323
CESA-2012_0321
CVE-2012-0804
DSA-2407-1
OPENSUSE-SU-2024:10504-1
RHSA-2012:0321
RHSA-2012_0321
SUSE-SU-2012_0311-1

Affected Products

Cvs
Centos
Red Hat
Suse