Upstream information

CVE-2010-3846 at MITRE

Description

Array index error in the apply_rcs_change function in rcs.c in CVS 1.11.23 allows local users to gain privileges via an RCS file containing crafted delta fragment changes that trigger a heap-based buffer overflow.

SUSE information

Overall state of this security issue: Ignore

This issue is currently rated as having moderate severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 6.9
Vector AV:L/AC:M/Au:N/C:C/I:C/A:C
Access Vector Local
Access Complexity Medium
Authentication None
Confidentiality Impact Complete
Integrity Impact Complete
Availability Impact Complete

Note from the SUSE Security Team

We verified this issue on all of our products and found that none of our products is affected by this problem.

SUSE Bugzilla entry: 647960 [RESOLVED / INVALID]

No SUSE Security Announcements cross referenced.