// For flags

CVE-2004-0396

CVS (Linux/FreeBSD) - Remote Entry Line Heap Overflow

Severity Score

9.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

5
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Heap-based buffer overflow in CVS 1.11.x up to 1.11.15, and 1.12.x up to 1.12.7, when using the pserver mechanism allows remote attackers to execute arbitrary code via Entry lines.

Desbordamiento basado en la pila en CVS 1.11.X a 1.11.5 y 1.12. a 1.12.7, cuando se usa el mecanismo pserver, permite a atacantes remotos ejecutar código arbitrario mediante lineas de Entradas.

Stable CVS releases up to 1.11.15 and CVS feature releases up to 1.12.7 both contain a flaw when deciding if a CVS entry line should get a modified or unchanged flag attached. This results in a heap overflow which can be exploited to execute arbitrary code on the CVS server. This could allow a repository compromise.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2004-04-13 CVE Reserved
  • 2004-05-19 CVE Published
  • 2004-05-20 First Exploit
  • 2024-08-08 CVE Updated
  • 2025-07-17 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
CAPEC
References (35)
URL Tag Source
http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0980.html Mailing List
http://cert.uni-stuttgart.de/archive/bugtraq/2004/05/msg00219.html Mailing List
http://marc.info/?l=bugtraq&m=108498454829020&w=2 Mailing List
http://marc.info/?l=bugtraq&m=108500040719512&w=2 Mailing List
http://secunia.com/advisories/11641 Third Party Advisory
http://secunia.com/advisories/11647 Third Party Advisory
http://secunia.com/advisories/11651 Third Party Advisory
http://secunia.com/advisories/11652 Third Party Advisory
http://secunia.com/advisories/11674 Third Party Advisory
http://security.e-matters.de/advisories/072004.html X_refsource_misc
http://www.ciac.org/ciac/bulletins/o-147.shtml Government Resource
http://www.osvdb.org/6305 Vdb Entry
http://www.securityfocus.com/bid/10384 Vdb Entry
http://www.us-cert.gov/cas/techalerts/TA04-147A.html Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/16193 Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9058 Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A970 Signature
URL Date SRC
https://packetstorm.news/files/id/34031 2004-08-12
https://packetstorm.news/files/id/33385 2004-05-20
https://packetstorm.news/files/id/33384 2004-05-20
https://www.exploit-db.com/exploits/300 2016-12-05
https://www.exploit-db.com/exploits/301 2016-03-28
URL Date SRC
http://www.debian.org/security/2004/dsa-505 2017-10-11
http://www.kb.cert.org/vuls/id/192038 2017-10-11
http://www.redhat.com/support/errata/RHSA-2004-190.html 2017-10-11
URL Date SRC
ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2004-008.txt.asc 2017-10-11
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:10.cvs.asc 2017-10-11
http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021742.html 2017-10-11
http://marc.info/?l=bugtraq&m=108636445031613&w=2 2017-10-11
http://marc.info/?l=openbsd-security-announce&m=108508894405639&w=2 2017-10-11
http://security.gentoo.org/glsa/glsa-200405-12.xml 2017-10-11
http://www.mandriva.com/security/advisories?name=MDKSA-2004:048 2017-10-11
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.395865 2017-10-11
https://access.redhat.com/security/cve/CVE-2004-0396 2004-05-19
https://bugzilla.redhat.com/show_bug.cgi?id=1617191 2004-05-19
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Cvs
Search vendor "Cvs"
 Cvs
Search vendor "Cvs" for product "Cvs"
 1.11
Search vendor "Cvs" for product "Cvs" and version "1.11"
-
Affected
Cvs
Search vendor "Cvs"
 Cvs
Search vendor "Cvs" for product "Cvs"
 1.12
Search vendor "Cvs" for product "Cvs" and version "1.12"
-
Affected