CVE-2009-2281
MapServer 4.x-4.10.4 and 5.x < 5.4.2 - Remote Code Execution via Crafted Content-Length Header
Title source: llmDescription
Multiple heap-based buffer underflows in the readPostBody function in cgiutil.c in mapserv in MapServer 4.x through 4.10.4 and 5.x before 5.4.2 allow remote attackers to execute arbitrary code via (1) a crafted Content-Length HTTP header or (2) a large HTTP request, related to an integer overflow that triggers a heap-based buffer overflow. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-0840.
References (7)
Core 7
Core References
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2009/07/01/6
Patch x_refsource_confirm
http://security.debian.org/pool/updates/main/m/mapserver/mapserver_4.10.0-5.1+etch4.diff.gz
Various Sources x_refsource_confirm
http://trac.osgeo.org/mapserver/browser/tags/rel-5-4-2/mapserver/HISTORY.TXT
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2009/07/01/1
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2009/dsa-1914
Various Sources x_refsource_confirm
http://trac.osgeo.org/mapserver/ticket/2943
Patch x_refsource_confirm
http://security.debian.org/pool/updates/main/m/mapserver/mapserver_5.0.3-3+lenny4.diff.gz
Scores
EPSS
0.0595
EPSS Percentile
92.4%
Details
CWE
CWE-119
Status
published
Products (14)
osgeo/mapserver
4.2.0 beta1
osgeo/mapserver
4.4.0 (4 CPE variants)
osgeo/mapserver
4.6.0 (5 CPE variants)
osgeo/mapserver
4.8.0 beta1 (5 CPE variants)
osgeo/mapserver
4.10.0 (5 CPE variants)
osgeo/mapserver
4.10.1
osgeo/mapserver
4.10.2
osgeo/mapserver
4.10.3
osgeo/mapserver
4.10.4
osgeo/mapserver
5.0.0 (9 CPE variants)
... and 4 more
Published
Oct 23, 2009
Tracked Since
Feb 18, 2026