7.5

CVE-2011-2704

Stack-based buffer overflow in MapServer before 4.10.7 and 5.x before 5.6.7 allows remote attackers to execute arbitrary code via vectors related to OGC filter encoding.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OsgeoMapserver Version <= 4.10.6
OsgeoMapserver Version4.2.0 Updatebeta1
OsgeoMapserver Version4.4.0
OsgeoMapserver Version4.4.0 Updatebeta1
OsgeoMapserver Version4.4.0 Updatebeta2
OsgeoMapserver Version4.4.0 Updatebeta3
OsgeoMapserver Version4.6.0
OsgeoMapserver Version4.6.0 Updatebeta1
OsgeoMapserver Version4.6.0 Updatebeta2
OsgeoMapserver Version4.6.0 Updatebeta3
OsgeoMapserver Version4.6.0 Updaterc1
OsgeoMapserver Version4.8.0 Updatebeta1
OsgeoMapserver Version4.8.0 Updatebeta2
OsgeoMapserver Version4.8.0 Updatebeta3
OsgeoMapserver Version4.8.0 Updaterc1
OsgeoMapserver Version4.8.0 Updaterc2
OsgeoMapserver Version4.10.0
OsgeoMapserver Version4.10.0 Updatebeta1
OsgeoMapserver Version4.10.0 Updatebeta2
OsgeoMapserver Version4.10.0 Updatebeta3
OsgeoMapserver Version4.10.0 Updaterc1
OsgeoMapserver Version4.10.1
OsgeoMapserver Version4.10.2
OsgeoMapserver Version4.10.3
OsgeoMapserver Version4.10.4
OsgeoMapserver Version4.10.5
OsgeoMapserver Version5.0.0
OsgeoMapserver Version5.0.0 Updatebeta1
OsgeoMapserver Version5.0.0 Updatebeta2
OsgeoMapserver Version5.0.0 Updatebeta3
OsgeoMapserver Version5.0.0 Updatebeta4
OsgeoMapserver Version5.0.0 Updatebeta5
OsgeoMapserver Version5.0.0 Updatebeta6
OsgeoMapserver Version5.0.0 Updaterc1
OsgeoMapserver Version5.0.0 Updaterc2
OsgeoMapserver Version5.2.0
OsgeoMapserver Version5.2.0 Updatebeta1
OsgeoMapserver Version5.2.0 Updatebeta2
OsgeoMapserver Version5.2.0 Updatebeta3
OsgeoMapserver Version5.2.0 Updatebeta4
OsgeoMapserver Version5.2.0 Updaterc1
OsgeoMapserver Version5.2.1
OsgeoMapserver Version5.4.0
OsgeoMapserver Version5.4.0 Updatebeta1
OsgeoMapserver Version5.4.0 Updatebeta2
OsgeoMapserver Version5.4.0 Updatebeta3
OsgeoMapserver Version5.4.0 Updatebeta4
OsgeoMapserver Version5.4.0 Updaterc1
OsgeoMapserver Version5.4.0 Updaterc2
OsgeoMapserver Version5.4.1
OsgeoMapserver Version5.4.2
OsgeoMapserver Version5.6.0
OsgeoMapserver Version5.6.1
OsgeoMapserver Version5.6.3
UmnMapserver Version5.2.2
UmnMapserver Version5.2.3
UmnMapserver Version5.6.4
UmnMapserver Version5.6.5
UmnMapserver Version5.6.6
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 5.22% 0.914
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://lists.osgeo.org/pipermail/mapserver-users/2011-July/069430.html
Patch
http://secunia.com/advisories/45257
Vendor Advisory
http://secunia.com/advisories/45368
Vendor Advisory
http://trac.osgeo.org/mapserver/ticket/3903
Patch
http://www.debian.org/security/2011/dsa-2285
http://www.openwall.com/lists/oss-security/2011/07/19/14
Patch
http://www.openwall.com/lists/oss-security/2011/07/20/15
Patch
http://www.securityfocus.com/bid/48720
https://bugzilla.redhat.com/show_bug.cgi?id=723293
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/68719