CVE-2010-3846

cvs: Heap-based buffer overflow by applying RCS file changes

Severity Score

9.8

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Array index error in the apply_rcs_change function in rcs.c in CVS 1.11.23 allows local users to gain privileges via an RCS file containing crafted delta fragment changes that trigger a heap-based buffer overflow.

Error de índice de array en la función apply_rcs_change de rcs.c de CVS v1.11.23 permite a usuarios locales aumentar sus privilegios mediante un fichero RCS que contenga cambios en un fragmento delta manipulado que provoquen un desbordamiento de búfer basado en memoria dinámica (heap).

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Medium

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

Attack Vector

Local

Attack Complexity

High

Authentication

Single

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2010-10-08 CVE Reserved
2010-11-05 CVE Published
2024-08-07 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-122: Heap-based Buffer Overflow

CAPEC

References (19)

URL	Tag	Source
http://secunia.com/advisories/42041	Third Party Advisory
http://secunia.com/advisories/42409	Third Party Advisory
http://www.osvdb.org/68952	Vdb Entry
http://www.securityfocus.com/bid/44528	Vdb Entry
http://www.securitytracker.com/id?1024795	Vdb Entry
http://www.vupen.com/english/advisories/2010/2846	Vdb Entry
http://www.vupen.com/english/advisories/2010/2869	Vdb Entry
http://www.vupen.com/english/advisories/2010/2899	Vdb Entry
http://www.vupen.com/english/advisories/2010/3080	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/62858	Vdb Entry

URL	Date	SRC

URL	Date	SRC
http://cvs.savannah.gnu.org/viewvc/cvs/ccvs/src/rcs.c?r1=1.262.4.65&r2=1.262.4.66&sortby=rev	2023-02-13
http://www.vupen.com/english/advisories/2010/2845	2023-02-13
https://bugzilla.redhat.com/show_bug.cgi?id=642146	2010-11-29

URL	Date	SRC
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050212.html	2023-02-13
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050287.html	2023-02-13
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050090.html	2023-02-13
http://secunia.com/advisories/41079	2023-02-13
http://www.redhat.com/support/errata/RHSA-2010-0918.html	2023-02-13
https://access.redhat.com/security/cve/CVE-2010-3846	2010-11-29

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Nongnu Search vendor "Nongnu"		Cvs Search vendor "Nongnu" for product "Cvs"				1.11.23 Search vendor "Nongnu" for product "Cvs" and version "1.11.23"		-		Affected