Heap-based buffer underflow in the readPostBody function in cgiutil.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows remote attackers to have an unknown impact via a negative value in the Content-Length HTTP header.
References
Configurations
Configuration 1 (hide)
|
History
01 Jun 2021, 13:57
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:umn:mapserver:5.2.0:*:*:*:*:*:*:* cpe:2.3:a:umn:mapserver:5.0.0:beta4:*:*:*:*:*:* cpe:2.3:a:umn:mapserver:4.10.2:*:*:*:*:*:*:* cpe:2.3:a:umn:mapserver:5.2.0:beta4:*:*:*:*:*:* cpe:2.3:a:umn:mapserver:5.0.0:beta2:*:*:*:*:*:* cpe:2.3:a:umn:mapserver:4.6.0:beta1:*:*:*:*:*:* cpe:2.3:a:umn:mapserver:4.8:rc2:*:*:*:*:*:* cpe:2.3:a:umn:mapserver:4.6.0:beta2:*:*:*:*:*:* cpe:2.3:a:umn:mapserver:4.8:beta2:*:*:*:*:*:* cpe:2.3:a:umn:mapserver:4.6.0:beta3:*:*:*:*:*:* cpe:2.3:a:umn:mapserver:5.2.1:*:*:*:*:*:*:* cpe:2.3:a:umn:mapserver:4.8:beta1:*:*:*:*:*:* cpe:2.3:a:umn:mapserver:5.0.0:beta6:*:*:*:*:*:* cpe:2.3:a:umn:mapserver:5.0.0:beta3:*:*:*:*:*:* cpe:2.3:a:umn:mapserver:5.2.0:beta2:*:*:*:*:*:* cpe:2.3:a:umn:mapserver:4.10:beta1:*:*:*:*:*:* cpe:2.3:a:umn:mapserver:5.0.0:beta5:*:*:*:*:*:* cpe:2.3:a:umn:mapserver:4.8:rc1:*:*:*:*:*:* cpe:2.3:a:umn:mapserver:4.10:beta2:*:*:*:*:*:* cpe:2.3:a:umn:mapserver:4.10:rc1:*:*:*:*:*:* cpe:2.3:a:umn:mapserver:4.10:beta3:*:*:*:*:*:* cpe:2.3:a:umn:mapserver:4.10.0:*:*:*:*:*:*:* cpe:2.3:a:umn:mapserver:5.2.0:beta3:*:*:*:*:*:* cpe:2.3:a:umn:mapserver:5.0.0:beta1:*:*:*:*:*:* cpe:2.3:a:umn:mapserver:4.10.3:*:*:*:*:*:*:* cpe:2.3:a:umn:mapserver:4.4.0:beta1:*:*:*:*:*:* cpe:2.3:a:umn:mapserver:4.4.0:beta2:*:*:*:*:*:* cpe:2.3:a:umn:mapserver:4.10.1:*:*:*:*:*:*:* cpe:2.3:a:umn:mapserver:5.2.0:beta1:*:*:*:*:*:* cpe:2.3:a:umn:mapserver:5.0.0:rc1:*:*:*:*:*:* cpe:2.3:a:umn:mapserver:5.2.0:rc1:*:*:*:*:*:* |
cpe:2.3:a:osgeo:mapserver:4.10.2:*:*:*:*:*:*:* cpe:2.3:a:osgeo:mapserver:5.2.0:beta3:*:*:*:*:*:* cpe:2.3:a:osgeo:mapserver:4.8.0:beta3:*:*:*:*:*:* cpe:2.3:a:osgeo:mapserver:5.2.0:beta2:*:*:*:*:*:* cpe:2.3:a:osgeo:mapserver:5.0.0:beta6:*:*:*:*:*:* cpe:2.3:a:osgeo:mapserver:4.10.0:beta1:*:*:*:*:*:* cpe:2.3:a:osgeo:mapserver:4.6.0:beta3:*:*:*:*:*:* cpe:2.3:a:osgeo:mapserver:4.6.0:beta1:*:*:*:*:*:* cpe:2.3:a:osgeo:mapserver:5.2.1:*:*:*:*:*:*:* cpe:2.3:a:osgeo:mapserver:4.10.0:*:*:*:*:*:*:* cpe:2.3:a:osgeo:mapserver:4.4.0:beta1:*:*:*:*:*:* cpe:2.3:a:osgeo:mapserver:4.4.0:beta2:*:*:*:*:*:* cpe:2.3:a:osgeo:mapserver:5.0.0:beta3:*:*:*:*:*:* cpe:2.3:a:osgeo:mapserver:4.8.0:beta1:*:*:*:*:*:* cpe:2.3:a:osgeo:mapserver:5.2.0:rc1:*:*:*:*:*:* cpe:2.3:a:osgeo:mapserver:5.0.0:beta4:*:*:*:*:*:* cpe:2.3:a:osgeo:mapserver:4.8.0:rc2:*:*:*:*:*:* cpe:2.3:a:osgeo:mapserver:4.8.0:rc1:*:*:*:*:*:* cpe:2.3:a:osgeo:mapserver:5.0.0:rc1:*:*:*:*:*:* cpe:2.3:a:osgeo:mapserver:5.2.0:beta4:*:*:*:*:*:* cpe:2.3:a:osgeo:mapserver:4.8.0:beta2:*:*:*:*:*:* cpe:2.3:a:osgeo:mapserver:5.0.0:beta5:*:*:*:*:*:* cpe:2.3:a:osgeo:mapserver:4.10.3:*:*:*:*:*:*:* cpe:2.3:a:osgeo:mapserver:5.0.0:beta2:*:*:*:*:*:* cpe:2.3:a:osgeo:mapserver:5.2.0:*:*:*:*:*:*:* cpe:2.3:a:osgeo:mapserver:4.10.0:beta3:*:*:*:*:*:* cpe:2.3:a:osgeo:mapserver:4.10.0:rc1:*:*:*:*:*:* cpe:2.3:a:osgeo:mapserver:5.2.0:beta1:*:*:*:*:*:* cpe:2.3:a:osgeo:mapserver:4.10.1:*:*:*:*:*:*:* cpe:2.3:a:osgeo:mapserver:5.0.0:beta1:*:*:*:*:*:* cpe:2.3:a:osgeo:mapserver:4.6.0:beta2:*:*:*:*:*:* cpe:2.3:a:osgeo:mapserver:4.10.0:beta2:*:*:*:*:*:* |
28 May 2021, 18:38
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:osgeo:mapserver:4.2.0:beta1:*:*:*:*:*:* |
Information
Published : 2009-03-31 18:24
Updated : 2024-02-04 17:33
NVD link : CVE-2009-0840
Mitre link : CVE-2009-0840
CVE.ORG link : CVE-2009-0840
JSON object : View
Products Affected
osgeo
- mapserver
umn
- mapserver
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer