PT-2004-1553 · Cvs · Cvs

Published

2004-06-11

Updated

2018-05-03

CVE-2004-0414

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions CVS versions 1.11.x through 1.11.16 CVS versions 1.12.x through 1.12.8

Description The issue arises from the improper handling of malformed "Entry" lines, which can prevent a NULL terminator from being used. This may lead to a denial of service (crash), modification of critical program data, or arbitrary code execution.

Recommendations For CVS versions 1.11.x through 1.11.16, update to a version that properly handles malformed "Entry" lines to prevent potential crashes or code execution. For CVS versions 1.12.x through 1.12.8, update to a version that properly handles malformed "Entry" lines to prevent potential crashes or code execution.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2004-0414

DSA-517

RHSA-2004:233

Affected Products

Cvs

PT-2004-1553 · Cvs · Cvs

CVE-2004-0414

Related Identifiers

Affected Products

References · 15