CVS Malformed Entry Modified and Unchanged Flag Insertion Heap Overflow Vulnerability

CVS is prone to a remote heap overflow vulnerability. This issue presents itself during the handling of user-supplied input for entry lines with 'modified' and 'unchanged' flags. This vulnerability can allow an attacker to overflow a vulnerable buffer on the heap, possibly leading to arbitrary code execution.

CVS versions 1.11.15 and prior and CVS feature versions 1.12.7 and prior are prone to this issue.

**UPDATE: Symantec has confirmed that this vulnerability is being actively exploited in the wild. Administrators are urged to upgrade and block external access to potentially vulnerable servers, if possible.


Privacy Statement
Copyright 2010, SecurityFocus