CVE-2004-0414

NONE EPSS 89.2%
Published Aug 6, 2004 21y ago · Modified Jun 16, 2026 2w ago

Description

CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed "Entry" lines, which prevents a NULL terminator from being used and may lead to a denial of service (crash), modification of critical program data, or arbitrary code execution.

Threat Intelligence

EPSS Exploit Probability: 89.2% percentile
Exploit & Patch Status: No Known Exploit; Patch Available

Affected Products 29

Vendor   Product  Version    Range
cvs      cvs      1.10.7     any
cvs      cvs      1.10.8     any
cvs      cvs      1.11       any
cvs      cvs      1.11.1     any
cvs      cvs      1.11.1_p1  any
cvs      cvs      1.11.2     any
cvs      cvs      1.11.3     any
cvs      cvs      1.11.4     any
cvs      cvs      1.11.5     any
cvs      cvs      1.11.6     any
cvs      cvs      1.11.10    any
cvs      cvs      1.11.11    any
cvs      cvs      1.11.14    any
cvs      cvs      1.11.15    any
cvs      cvs      1.11.16    any
cvs      cvs      1.12.1     any
cvs      cvs      1.12.2     any
cvs      cvs      1.12.5     any
cvs      cvs      1.12.7     any
cvs      cvs      1.12.8     any
openpkg  openpkg  *          any
openpkg  openpkg  1.3        any
openpkg  openpkg  2.0        any
sgi      propack  2.4        any
sgi      propack  3.0        any
gentoo   linux    1.4        any
openbsd  openbsd  *          any
openbsd  openbsd  3.4        any
openbsd  openbsd  3.5        any

References 11

  • patches.sgi.com ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc
  • patches.sgi.com ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc
  • lists.grok.org.uk http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html
  • marc.info http://marc.info/?l=bugtraq&m=108716553923643&w=2
  • security.e-matters.de http://security.e-matters.de/advisories/092004.html
  • security.gentoo.org http://security.gentoo.org/glsa/glsa-200406-06.xml
    Vendor Advisory
  • debian.org http://www.debian.org/security/2004/dsa-517
    Patch, Vendor Advisory
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2004:058
  • redhat.com http://www.redhat.com/support/errata/RHSA-2004-233.html
  • oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10575
  • oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A993

Remediation

  • debian.org http://www.debian.org/security/2004/dsa-517
    Patch, Vendor Advisory