CVE-2002-0844

HIGH

CVS <1.11.2 - Buffer Overflow

Title source: llm

Description

Off-by-one overflow in the CVS PreservePermissions of rcs.c for CVSD before 1.11.2 allows local users to execute arbitrary code.

References (7)

[Broken Link, Patch, Vendor Advisory] ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-035.0.txt

[Broken Link] ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc

[Broken Link, Exploit, Patch, Vendor Advisory] http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0081.html

[Mailing List] http://marc.info/?l=bugtraq&m=102233767925177&w=2

[Broken Link] http://www.redhat.com/support/errata/RHSA-2004-004.html

[Broken Link, Patch, Third Party Advisory, VDB Entry, Vendor Advisory] http://www.securityfocus.com/bid/4829

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/9175

Scores

CVSS v3 7.8

EPSS 0.0007

EPSS Percentile 21.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-193

Status draft

Affected Products (1)

distrotech/cvs < 1.11.2

Timeline

Published Aug 12, 2002

Tracked Since Feb 18, 2026