CVE-2004-0414

Published: Aug 6, 2004Modified: Apr 16, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed "Entry" lines, which prevents a NULL terminator from being used and may lead to a denial of service (crash), modification of critical program data, or arbitrary code execution.

Affected (29)

Products: Cvs: Cvs · Openpkg: Openpkg · Sgi: Propack · +2 more

Show all products

Cvs: Cvs · Openpkg: Openpkg · Sgi: Propack · Gentoo: Linux · Openbsd: Openbsd

1 product

1 product

1 product

1 product

1 product

Configuration A

25 vulnerable

Vulnerable Software	Affected Versions
Cvs Cvs	Version 1.10.7
Cvs Cvs	Version 1.10.8
Cvs Cvs	Version 1.11.10
Cvs Cvs	Version 1.11.11
Cvs Cvs	Version 1.11.14
Cvs Cvs	Version 1.11.15
Cvs Cvs	Version 1.11.16
Cvs Cvs	Version 1.11.1
Cvs Cvs	Version 1.11.1_p1
Cvs Cvs	Version 1.11.2
Cvs Cvs	Version 1.11.3
Cvs Cvs	Version 1.11.4
Cvs Cvs	Version 1.11.5
Cvs Cvs	Version 1.11.6
Cvs Cvs	Version 1.11
Cvs Cvs	Version 1.12.1
Cvs Cvs	Version 1.12.2
Cvs Cvs	Version 1.12.5
Cvs Cvs	Version 1.12.7
Cvs Cvs	Version 1.12.8
Openpkg Openpkg	All versions
Openpkg Openpkg	Version 1.3
Openpkg Openpkg	Version 2.0
Sgi Propack	Version 2.4
Sgi Propack	Version 3.0

Configuration B

4 vulnerable

Vulnerable Software	Affected Versions
Gentoo Linux	Version 1.4
Openbsd Openbsd	All versions
Openbsd Openbsd	Version 3.4
Openbsd Openbsd	Version 3.5

References (22)

ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc (unsafe URL)

Source: cve@mitre.org

ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc (unsafe URL)

Source: cve@mitre.org

http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=108716553923643&w=2

Source: cve@mitre.org

http://security.e-matters.de/advisories/092004.html

Source: cve@mitre.org

http://security.gentoo.org/glsa/glsa-200406-06.xml

Source: cve@mitre.org

Vendor Advisory

http://www.debian.org/security/2004/dsa-517

Source: cve@mitre.org

PatchVendor Advisory

http://www.mandriva.com/security/advisories?name=MDKSA-2004:058

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2004-233.html

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10575

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A993

Source: cve@mitre.org

ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc (unsafe URL)

Source: af854a3a-2127-422b-91ae-364da2661108

ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc (unsafe URL)

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://marc.info/?l=bugtraq&m=108716553923643&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://security.e-matters.de/advisories/092004.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://security.gentoo.org/glsa/glsa-200406-06.xml

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.debian.org/security/2004/dsa-517

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.mandriva.com/security/advisories?name=MDKSA-2004:058

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/support/errata/RHSA-2004-233.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10575

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A993

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.