Unrated severityNVD Advisory· Published Mar 31, 2009· Updated Apr 23, 2026
CVE-2009-0840
CVE-2009-0840
Description
Heap-based buffer underflow in the readPostBody function in cgiutil.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows remote attackers to have an unknown impact via a negative value in the Content-Length HTTP header.
Affected products
42cpe:2.3:a:osgeo:mapserver:4.2.0:beta1:*:*:*:*:*:*+ 38 more
- cpe:2.3:a:osgeo:mapserver:4.2.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.4.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.0.0:beta5:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.0.0:beta6:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.0.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.0.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.2.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.2.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.2.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.2.0:beta4:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.2.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.4.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.4.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.6.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.6.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.6.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.6.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.8.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.8.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.8.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.8.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.8.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.10.0:*:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.10.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.10.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.10.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.10.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.10.1:*:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.10.2:*:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.10.3:*:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.0.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.0.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.0.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.0.0:beta4:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
12- lists.osgeo.org/pipermail/mapserver-users/2009-March/060600.htmlnvdPatch
- www.positronsecurity.com/advisories/2009-000.htmlnvdExploit
- trac.osgeo.org/mapserver/ticket/2943nvdVendor Advisory
- secunia.com/advisories/34520nvd
- secunia.com/advisories/34603nvd
- www.debian.org/security/2009/dsa-1914nvd
- www.securityfocus.com/archive/1/502271/100/0/threadednvd
- www.securityfocus.com/bid/34306nvd
- www.securitytracker.com/idnvd
- exchange.xforce.ibmcloud.com/vulnerabilities/49545nvd
- www.redhat.com/archives/fedora-package-announce/2009-April/msg00147.htmlnvd
- www.redhat.com/archives/fedora-package-announce/2009-April/msg00170.htmlnvd
News mentions
0No linked articles in our index yet.