PT-2004-2382 · Cvs · Cvs

Published: 2004-12-31 · Updated: 2017-07-11 · CVE-2004-1471

CVSS v2.0: 7.1 (High)

Vector: AV:N/AC:H/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: CVS versions 1.11.x through 1.11.16; CVS versions 1.12.x through 1.12.8
Description: The issue allows remote attackers with CVSROOT commit access to cause a denial of service, potentially leading to application crashes, and possibly to execute arbitrary code, by using format string specifiers in a wrapper line.
Recommendations: For CVS versions 1.11.x through 1.11.16 and 1.12.x through 1.12.8, update to a version outside the affected range to resolve the issue. As a temporary workaround, consider restricting access to the wrapper line in wrapper.c to minimize the risk of exploitation.


Related Identifiers

CVE-2004-1471

Affected Products

Cvs