CVE-2012-0804

Description

Heap-based buffer overflow in the proxy_connect function in src/client.c in CVS 1.11 and 1.12 allows remote HTTP proxy servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTTP response.

Affected packages (3)

• Alpine/cvsfrom 0, < 1.12.12-r0
• Debian/cvsfrom 0, < 2:1.12.13+real-7
• Debian/cvsfrom 0, < 1:1.12.13-12+squeeze1

References (2)

• ADVISORYhttps://security.alpinelinux.org/vuln/CVE-2012-0804
• ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2012-0804