CVE-2004-0396

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2004-0396

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2004-0396.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2004-0396

Related

Published

2004-06-14T04:00:00Z

Modified

2024-11-20T23:48:29Z

Summary

[none]

Details

Heap-based buffer overflow in CVS 1.11.x up to 1.11.15, and 1.12.x up to 1.12.7, when using the pserver mechanism allows remote attackers to execute arbitrary code via Entry lines.

References

Affected packages

Debian:11 / cvs

Package

Name: cvs
Purl: pkg:deb/debian/cvs?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:1.12.5-6

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / cvs

Package

Name: cvs
Purl: pkg:deb/debian/cvs?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:1.12.5-6

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / cvs

Package

Name: cvs
Purl: pkg:deb/debian/cvs?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:1.12.5-6

Ecosystem specific

{
    "urgency": "not yet assigned"
}