CVE-2004-0414
NONE EPSS 89.2%
Published Aug 6, 2004 21y ago
Last Modified Jun 16, 2026 2w ago
Description
CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed "Entry" lines, which prevents a NULL terminator from being used and may lead to a denial of service (crash), modification of critical program data, or arbitrary code execution.
Threat Intelligence
EPSS Exploit Probability
89.2% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Affected Products 29
| Vendor | Product | Version | Range |
|---|---|---|---|
| cvs | cvs | 1.10.7 | any |
| cvs | cvs | 1.10.8 | any |
| cvs | cvs | 1.11 | any |
| cvs | cvs | 1.11.1 | any |
| cvs | cvs | 1.11.1_p1 | any |
| cvs | cvs | 1.11.2 | any |
| cvs | cvs | 1.11.3 | any |
| cvs | cvs | 1.11.4 | any |
| cvs | cvs | 1.11.5 | any |
| cvs | cvs | 1.11.6 | any |
| cvs | cvs | 1.11.10 | any |
| cvs | cvs | 1.11.11 | any |
| cvs | cvs | 1.11.14 | any |
| cvs | cvs | 1.11.15 | any |
| cvs | cvs | 1.11.16 | any |
| cvs | cvs | 1.12.1 | any |
| cvs | cvs | 1.12.2 | any |
| cvs | cvs | 1.12.5 | any |
| cvs | cvs | 1.12.7 | any |
| cvs | cvs | 1.12.8 | any |
| openpkg | openpkg | * | any |
| openpkg | openpkg | 1.3 | any |
| openpkg | openpkg | 2.0 | any |
| sgi | propack | 2.4 | any |
| sgi | propack | 3.0 | any |
| gentoo | linux | 1.4 | any |
| openbsd | openbsd | * | any |
| openbsd | openbsd | 3.4 | any |
| openbsd | openbsd | 3.5 | any |
References 11
- patches.sgi.com ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc
- patches.sgi.com ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc
- lists.grok.org.uk http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html
- marc.info http://marc.info/?l=bugtraq&m=108716553923643&w=2
- security.e-matters.de http://security.e-matters.de/advisories/092004.html
- security.gentoo.org http://security.gentoo.org/glsa/glsa-200406-06.xml
- debian.org http://www.debian.org/security/2004/dsa-517
- mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2004:058
- redhat.com http://www.redhat.com/support/errata/RHSA-2004-233.html
- oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10575
- oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A993
Remediation
- debian.org http://www.debian.org/security/2004/dsa-517