CVE-2002-0092 - CVS before 1.10.8 does not properly initialize a global variable, which allows remote attackers to c

CVE-2002-0092

Summary

CVS before 1.10.8 does not properly initialize a global variable, which allows remote attackers to cause a denial of service (server crash) via the diff capability.

References

http://marc.info/?l=vuln-dev&m=101422243817321&w=2
http://marc.info/?l=vuln-dev&m=101433077724524&w=2
http://www.debian.org/security/2002/dsa-117
http://www.iss.net/security_center/static/8366.php
http://www.redhat.com/support/errata/RHSA-2002-026.html
http://www.securityfocus.com/bid/4234

Vulnerable Configurations

cpe:2.3:a:cvs:cvs:*:*:*:*:*:*:*:*
cpe:2.3:a:cvs:cvs:*:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 18-10-2016 - 02:16)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:P

redhat via4

advisories

rhsa

id	RHSA-2002:026

refmap via4

bid	4234
debian	DSA-117
vuln-dev	20020220 Help needed with bufferoverflow in cvs 20020220 Re: [Fwd: Help needed with bufferoverflow in cvs]
xf	cvs-global-var-dos(8366)

Last major update

18-10-2016 - 02:16

Published

15-03-2002 - 05:00

Last modified

18-10-2016 - 02:16