CVE-2004-0414

CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed "Entry" lines, which prevents a NULL terminator from being used and may lead to a denial of service (crash), modification of critical program data, or arbitrary code execution.

• ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc
• ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc
• http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html
• http://marc.info/?l=bugtraq&m=108716553923643&w=2
• http://security.e-matters.de/advisories/092004.html
• http://security.gentoo.org/glsa/glsa-200406-06.xmlVendor Advisory
• http://www.debian.org/security/2004/dsa-517Patch, Vendor Advisory
• http://www.mandriva.com/security/advisories?name=MDKSA-2004:058
• http://www.redhat.com/support/errata/RHSA-2004-233.html
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10575
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A993
• ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc
• ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc
• http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html
• http://marc.info/?l=bugtraq&m=108716553923643&w=2
• http://security.e-matters.de/advisories/092004.html
• http://security.gentoo.org/glsa/glsa-200406-06.xmlVendor Advisory
• http://www.debian.org/security/2004/dsa-517Patch, Vendor Advisory
• http://www.mandriva.com/security/advisories?name=MDKSA-2004:058
• http://www.redhat.com/support/errata/RHSA-2004-233.html
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10575
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A993

Published

Aug 6, 2004

Last Modified

Jun 16, 2026

Status

Modified