CVE-2017-9462

HIGH

Mercurial < 4.1.3 - Authenticated Remote Code Execution via Debugger Repository Name

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-9462. PoCs published by claudijd, including Metasploit module exploits/linux/ssh/mercurial_ssh_exec.

AI-analyzed exploit summary This Metasploit module exploits a vulnerability in Mercurial's custom hg-ssh wrapper by triggering a Python debugger session, allowing arbitrary Python code execution. It leverages SSH authentication with a private key to execute the payload.

Description

In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name.

Exploits (1)

metasploit WORKING POC EXCELLENT

by claudijd · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/ssh/mercurial_ssh_exec.rb

View Code ZIP pw:eip

This Metasploit module exploits a vulnerability in Mercurial's custom hg-ssh wrapper by triggering a Python debugger session, allowing arbitrary Python code execution. It leverages SSH authentication with a private key to execute the payload.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Mercurial (versions prior to 4.1.3)

Auth required

Prerequisites: SSH access with valid credentials · Private key for authentication · Vulnerable Mercurial version

MITRE ATT&CK

T1021.004 - SSH

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (8)

Core 8

Core References

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2017:1576

Mailing List, Vendor Advisory x_refsource_confirm

https://www.mercurial-scm.org/repo/hg/rev/77eaf9539499

Release Notes, Vendor Advisory x_refsource_confirm

https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.1.3_.282017-4-18.29

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

https://lists.debian.org/debian-lts-announce/2018/07/msg00005.html

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2017/dsa-3963

Third Party Advisory vendor-advisory x_refsource_gentoo

https://security.gentoo.org/glsa/201709-18

Issue Tracking, Mailing List, Patch, Third Party Advisory x_refsource_confirm

https://bugs.debian.org/861243

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/99123

Scores

CVSS v3 8.8

EPSS 0.4870

EPSS Percentile 97.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-732

Status published

Products (19)

debian/debian_linux 8.0

debian/debian_linux 9.0

mercurial/mercurial < 4.1.3

pypi/mercurial 0 - 4.1.3PyPI

redhat/enterprise_linux_desktop 6.0

redhat/enterprise_linux_desktop 7.0

redhat/enterprise_linux_server 6.0

redhat/enterprise_linux_server 7.0

redhat/enterprise_linux_server_aus 7.3

redhat/enterprise_linux_server_aus 7.4

... and 9 more

Published Jun 06, 2017

Tracked Since Feb 18, 2026