CVS Malformed Entry Modified and Unchanged Flag Insertion Heap Overflow Vulnerability

CVS Malformed Entry Modified and Unchanged Flag Insertion Heap Overflow Vulnerability

CORE has developed a working commercial exploit for their IMPACT
product. This exploit is not otherwise publicly available or known
to be circulating in the wild.

Symantec has confirmed successful exploitation of this vulnerability in the wild. The following exploit code has been published:

/data/vulnerabilities/exploits/cvs_linux_freebsd_HEAP.c
/data/vulnerabilities/exploits/cvs_solaris_HEAP.c