CVE-2004-0416

NONE EPSS 95.9%
Published Aug 6, 2004 (21y ago) · Last Modified Jun 16, 2026 (2w ago)

Description

Double free vulnerability for the error_prog_name string in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to execute arbitrary code.

Threat Intelligence

EPSS Exploit Probability: 95.9% percentile
Exploit & Patch Status: No Known Exploit; Patch Available

Weaknesses 1

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer [Memory Safety]

Affected Products 29

Vendor    Product   Version     Range
cvs       cvs       1.10.7      any
cvs       cvs       1.10.8      any
cvs       cvs       1.11        any
cvs       cvs       1.11.1      any
cvs       cvs       1.11.1_p1   any
cvs       cvs       1.11.2      any
cvs       cvs       1.11.3      any
cvs       cvs       1.11.4      any
cvs       cvs       1.11.5      any
cvs       cvs       1.11.6      any
cvs       cvs       1.11.10     any
cvs       cvs       1.11.11     any
cvs       cvs       1.11.14     any
cvs       cvs       1.11.15     any
cvs       cvs       1.11.16     any
cvs       cvs       1.12.1      any
cvs       cvs       1.12.2      any
cvs       cvs       1.12.5      any
cvs       cvs       1.12.7      any
cvs       cvs       1.12.8      any
openpkg   openpkg   *           any
openpkg   openpkg   1.3         any
openpkg   openpkg   2.0         any
sgi       propack   2.4         any
sgi       propack   3.0         any
gentoo    linux     1.4         any
openbsd   openbsd   *           any
openbsd   openbsd   3.4         any
openbsd   openbsd   3.5         any

References 11

  • patches.sgi.com ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc
  • patches.sgi.com ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc
  • lists.grok.org.uk http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html
  • marc.info http://marc.info/?l=bugtraq&m=108716553923643&w=2
  • security.e-matters.de http://security.e-matters.de/advisories/092004.html
  • security.gentoo.org http://security.gentoo.org/glsa/glsa-200406-06.xml
  • debian.org http://www.debian.org/security/2004/dsa-519
    Patch · Vendor Advisory
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2004:058
  • redhat.com http://www.redhat.com/support/errata/RHSA-2004-233.html
  • oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10070
  • oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A994

Remediation

  • debian.org http://www.debian.org/security/2004/dsa-519
    Patch · Vendor Advisory