Vulnerability Report

CVE-2009-0840

Title: Umn Mapserver Memory Corruption

Memory Corruption

Proof Of Concept

No public PoC currently indexed for CVE-2009-0840.

CWE Category CWE-119
Published Date Mar 31, 2009
Modified Date Apr 09, 2025
Exploit Status Not Found
Score 10.0 CVSS v2.0
Exploit Probability (EPSS)
2.70%

Vulnerability Summary

CVE-2009-0840: Heap-based buffer underflow in the readPostBody function in cgiutil.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows remote attackers to have an unknown impact via a negative value in the Content-Length HTTP header.

Impacted Vendors

U
university_of_minnesota 1
U
umn 1
O
osgeo 1

Reference Links

http://lists.osgeo.org/pipermail/mapserver-users/2009-March/060600.html http://secunia.com/advisories/34520 http://secunia.com/advisories/34603 http://trac.osgeo.org/mapserver/ticket/2943 http://www.debian.org/security/2009/dsa-1914 http://www.positronsecurity.com/advisories/2009-000.html http://www.securityfocus.com/archive/1/502271/100/0/threaded http://www.securityfocus.com/bid/34306 http://www.securitytracker.com/id?1021952 https://exchange.xforce.ibmcloud.com/vulnerabilities/49545 https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00147.html https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00170.html http://lists.osgeo.org/pipermail/mapserver-users/2009-March/060600.html http://secunia.com/advisories/34520 http://secunia.com/advisories/34603 http://trac.osgeo.org/mapserver/ticket/2943 http://www.debian.org/security/2009/dsa-1914 http://www.positronsecurity.com/advisories/2009-000.html http://www.securityfocus.com/archive/1/502271/100/0/threaded http://www.securityfocus.com/bid/34306 http://www.securitytracker.com/id?1021952 https://exchange.xforce.ibmcloud.com/vulnerabilities/49545 https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00147.html https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00170.html
CVSS v2.0
Source Entity [email protected]
Severity HIGH
10.0
Access Vector
N/A
Authentication
N/A
RAW VECTOR AV:N/AC:L/Au:N/C:C/I:C/A:C

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2009-0840 Exploits & PoCs (Proof Of Concept)

No public PoCs found in our database for this CVE.

MODIFIED

Vulnerability data or affected products updated.

PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector N/A
Complexity N/A
Privileges N/A
Interaction NONE
CVSS Vector String AV:N/AC:L/Au:N/C:C/I:C/A:C

Affected Stack

No specific products linked.