CVE-2017-12836

CVS 1.12.x, when configured to use SSH for remote repositories, might allow remote attackers to execute arbitrary code via a repository URL with a crafted hostname, as demonstrated by "-oProxyCommand=id;localhost:/bar."
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
HIGH
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 88%
VendorProductVersion
gnucvs
1.12.1
gnucvs
1.12.3
gnucvs
1.12.5
gnucvs
1.12.6
gnucvs
1.12.7
gnucvs
1.12.9
gnucvs
1.12.10
gnucvs
1.12.11
gnucvs
1.12.12
gnucvs
1.12.13
canonicalubuntu_linux
14.04
canonicalubuntu_linux
16.04
canonicalubuntu_linux
17.04
debiandebian_linux
8.0
debiandebian_linux
9.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
cvs
bullseye
2:1.12.13+real-28
fixed
bookworm
2:1.12.13+real-28+deb12u1
fixed
sid
2:1.12.13+real-30
fixed
trixie
2:1.12.13+real-30
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
cvs
zesty
Fixed 2:1.12.13+real-22ubuntu0.1
released
xenial
Fixed 2:1.12.13+real-15ubuntu0.1
released
trusty
Fixed 2:1.12.13+real-12ubuntu0.1
released
References
http://lists.nongnu.org/archive/html/bug-cvs/2017-08/msg00000.html
http://www.debian.org/security/2017/dsa-3940
http://www.openwall.com/lists/oss-security/2017/08/11/1
http://www.openwall.com/lists/oss-security/2017/08/11/4
http://www.securityfocus.com/bid/100279
http://www.ubuntu.com/usn/USN-3399-1
https://bugzilla.redhat.com/show_bug.cgi?id=1480800
https://security.gentoo.org/glsa/201709-17
http://lists.nongnu.org/archive/html/bug-cvs/2017-08/msg00000.html
http://www.debian.org/security/2017/dsa-3940
http://www.openwall.com/lists/oss-security/2017/08/11/1
http://www.openwall.com/lists/oss-security/2017/08/11/4
http://www.securityfocus.com/bid/100279
http://www.ubuntu.com/usn/USN-3399-1
https://bugzilla.redhat.com/show_bug.cgi?id=1480800
https://security.gentoo.org/glsa/201709-17