Vulnerability Description
Stack-based buffer overflow in MapServer before 4.10.7 and 5.x before 5.6.7 allows remote attackers to execute arbitrary code via vectors related to OGC filter encoding.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Osgeo | Mapserver | <= 4.10.6 |
| Umn | Mapserver | 5.2.2 |
Related Weaknesses (CWE)
References
- http://lists.osgeo.org/pipermail/mapserver-users/2011-July/069430.html (Patch)
- http://secunia.com/advisories/45257 (Vendor Advisory)
- http://secunia.com/advisories/45368 (Vendor Advisory)
- http://trac.osgeo.org/mapserver/ticket/3903 (Patch)
- http://www.debian.org/security/2011/dsa-2285
- http://www.openwall.com/lists/oss-security/2011/07/19/14 (Patch)
- http://www.openwall.com/lists/oss-security/2011/07/20/15 (Patch)
- http://www.securityfocus.com/bid/48720
- https://bugzilla.redhat.com/show_bug.cgi?id=723293 (Patch)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/68719
FAQ
What is CVE-2011-2704?
CVE-2011-2704 is a vulnerability with a CVSS score of 7.5 (HIGH). Stack-based buffer overflow in MapServer before 4.10.7 and 5.x before 5.6.7 allows remote attackers to execute arbitrary code via vectors related to OGC filter encoding.
How severe is CVE-2011-2704?
CVE-2011-2704 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-2704?
Check the references section above for vendor advisories and patch information. Affected products include: Osgeo Mapserver, Umn Mapserver.