Unrated severityNVD Advisory· Published Aug 1, 2011· Updated Apr 29, 2026
CVE-2011-2704
CVE-2011-2704
Description
Stack-based buffer overflow in MapServer before 4.10.7 and 5.x before 5.6.7 allows remote attackers to execute arbitrary code via vectors related to OGC filter encoding.
Affected products
59cpe:2.3:a:osgeo:mapserver:*:*:*:*:*:*:*:*+ 53 more
- cpe:2.3:a:osgeo:mapserver:*:*:*:*:*:*:*:*range: <=4.10.6
- cpe:2.3:a:osgeo:mapserver:4.2.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.4.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.4.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.4.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.6.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.6.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.6.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.6.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.8.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.8.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.8.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.8.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.8.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.10.0:*:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.10.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.10.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.10.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.10.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.10.1:*:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.10.2:*:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.10.3:*:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.10.4:*:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.10.5:*:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.0.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.0.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.0.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.0.0:beta4:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.0.0:beta5:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.0.0:beta6:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.0.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.0.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.2.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.2.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.2.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.2.0:beta4:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.2.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.4.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.4.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.4.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.4.0:beta4:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.4.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.4.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.6.3:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
10- lists.osgeo.org/pipermail/mapserver-users/2011-July/069430.htmlnvdPatch
- trac.osgeo.org/mapserver/ticket/3903nvdPatch
- www.openwall.com/lists/oss-security/2011/07/19/14nvdPatch
- www.openwall.com/lists/oss-security/2011/07/20/15nvdPatch
- bugzilla.redhat.com/show_bug.cginvdPatch
- secunia.com/advisories/45257nvdVendor Advisory
- secunia.com/advisories/45368nvdVendor Advisory
- www.debian.org/security/2011/dsa-2285nvd
- www.securityfocus.com/bid/48720nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/68719nvd
News mentions
0No linked articles in our index yet.