CVE-2012-0804

Heap-based buffer overflow in the proxy_connect function in src/client.c in CVS 1.11 and 1.12 allows remote HTTP proxy servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTTP response.

Date published : 2012-05-29

http://www.securityfocus.com/bid/51943

http://www.debian.org/security/2012/dsa-2407