Buffer overflow in Osgeo Mapserver

CVE-2011-2704

Stack-based buffer overflow in MapServer before 4.10.7 and 5.x before 5.6.7 allows remote attackers to execute arbitrary code via vectors related to OGC filter encoding.

Vulnerability class: Buffer Overflow

EPSS: 0.076 (92.0th percentile) — read the EPSS interpretation.

Affected products

Osgeo Mapserver — versions 4.2.0, 4.4.0, 4.6.0
Umn Mapserver — versions 5.2.2, 5.2.3, 5.6.4
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

secalert@redhat.com (x_refsource_CONFIRM, Patch)
mapserver-ogc-bo(68719) (vdb-entry, x_refsource_XF)
45257 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
DSA-2285 (vendor-advisory, x_refsource_DEBIAN)
secalert@redhat.com (x_refsource_CONFIRM, Patch)
[oss-security] 20110719 CVE Request -- MapServer -- Stack based buffer overflow [was: Re: Re: CVE Request -- MapServer -- SQL injections in OGC filter encoding and in WMS time support.] (mailing-list, x_refsource_MLIST, Patch)
45368 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
[mapserver-users] 20110713 MapServer 6.0.1, 5.6.7 and 4.10.7 releases with security fixes (mailing-list, x_refsource_MLIST, Patch)
48720 (vdb-entry, x_refsource_BID)
[oss-security] 20110720 Re: CVE Request -- MapServer -- Stack based buffer overflow [was: Re: Re: CVE Request -- MapServer -- SQL injections in OGC filter encoding and in WMS time support.] (mailing-list, x_refsource_MLIST, Patch)