Описание
mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 does not ensure that the string holding the id parameter ends in a '\0' character, which allows remote attackers to conduct buffer-overflow attacks or have unspecified other impact via a long id parameter in a query action.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | ignored | end of life |
| devel | not-affected | 5.4.2-1 |
| gutsy | ignored | end of life, was needed |
| hardy | released | 5.0.0-3ubuntu0.1 |
| intrepid | released | 5.0.3-2ubuntu0.1 |
| jaunty | released | 5.0.3-3ubuntu0.1 |
| karmic | not-affected | 5.4.2-1 |
| upstream | needs-triage |
Показывать по
Ссылки на источники
EPSS
10 Critical
CVSS2
Связанные уязвимости
mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 does not ensure that the string holding the id parameter ends in a '\0' character, which allows remote attackers to conduct buffer-overflow attacks or have unspecified other impact via a long id parameter in a query action.
mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2 ...
mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 does not ensure that the string holding the id parameter ends in a '\0' character, which allows remote attackers to conduct buffer-overflow attacks or have unspecified other impact via a long id parameter in a query action.
EPSS
10 Critical
CVSS2