CVE-2004-0417

NONE EPSS 86.0%
Published Aug 6, 2004 (21y ago) · Modified Jun 16, 2026 (2w ago)

Description

Integer overflow in the "Max-dotdot" CVS protocol command (serve_max_dotdot) for CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to cause a server crash, which could cause temporary data to remain undeleted and consume disk space.

Threat Intelligence

EPSS Exploit Probability: 86.0% percentile
Exploit & Patch Status: No Known Exploit, Patch Available

Affected Products 29

Vendor    Product   Version     Range
cvs       cvs       1.10.7      any
cvs       cvs       1.10.8      any
cvs       cvs       1.11        any
cvs       cvs       1.11.1      any
cvs       cvs       1.11.1_p1   any
cvs       cvs       1.11.2      any
cvs       cvs       1.11.3      any
cvs       cvs       1.11.4      any
cvs       cvs       1.11.5      any
cvs       cvs       1.11.6      any
cvs       cvs       1.11.10     any
cvs       cvs       1.11.11     any
cvs       cvs       1.11.14     any
cvs       cvs       1.11.15     any
cvs       cvs       1.11.16     any
cvs       cvs       1.12.1      any
cvs       cvs       1.12.2      any
cvs       cvs       1.12.5      any
cvs       cvs       1.12.7      any
cvs       cvs       1.12.8      any
openpkg   openpkg   *           any
openpkg   openpkg   1.3         any
openpkg   openpkg   2.0         any
sgi       propack   2.4         any
sgi       propack   3.0         any
gentoo    linux     1.4         any
openbsd   openbsd   *           any
openbsd   openbsd   3.4         any
openbsd   openbsd   3.5         any

References 10

  • patches.sgi.com ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc
  • lists.grok.org.uk http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html
  • marc.info http://marc.info/?l=bugtraq&m=108716553923643&w=2
  • security.e-matters.de http://security.e-matters.de/advisories/092004.html
  • security.gentoo.org http://security.gentoo.org/glsa/glsa-200406-06.xml
    Vendor Advisory
  • debian.org http://www.debian.org/security/2004/dsa-519
    Patch, Vendor Advisory
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2004:058
  • redhat.com http://www.redhat.com/support/errata/RHSA-2004-233.html
  • oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1001
  • oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11145

Remediation

  • debian.org http://www.debian.org/security/2004/dsa-519
    Patch, Vendor Advisory