CVE-2004-0396

critical

Description

Heap-based buffer overflow in CVS 1.11.x up to 1.11.15, and 1.12.x up to 1.12.7, when using the pserver mechanism allows remote attackers to execute arbitrary code via Entry lines.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A970

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9058

https://exchange.xforce.ibmcloud.com/vulnerabilities/16193

http://www.us-cert.gov/cas/techalerts/TA04-147A.html

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.395865

http://www.securityfocus.com/bid/10384

http://www.redhat.com/support/errata/RHSA-2004-190.html

http://www.osvdb.org/6305

http://www.mandriva.com/security/advisories?name=MDKSA-2004:048

http://www.kb.cert.org/vuls/id/192038

http://www.debian.org/security/2004/dsa-505

http://www.ciac.org/ciac/bulletins/o-147.shtml

http://security.gentoo.org/glsa/glsa-200405-12.xml

http://security.e-matters.de/advisories/072004.html

http://secunia.com/advisories/11674

http://secunia.com/advisories/11652

http://secunia.com/advisories/11651

http://secunia.com/advisories/11647

http://secunia.com/advisories/11641

http://marc.info/?l=openbsd-security-announce&m=108508894405639&w=2

http://marc.info/?l=bugtraq&m=108636445031613&w=2

http://marc.info/?l=bugtraq&m=108500040719512&w=2

http://marc.info/?l=bugtraq&m=108498454829020&w=2

http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021742.html

http://cert.uni-stuttgart.de/archive/bugtraq/2004/05/msg00219.html

http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0980.html

Details

Source: Mitre, NVD

Published: 2004-06-14

Updated: 2017-10-11

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

Detections

Analytics