Strix
26.1K

CVE-2004-0418

UnknownEPSS 5.68%

Last modified

CVE-2004-0418 is a vulnerability of currently unknown severity. serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow remote attackers to perform an "out-of-bounds" write for a single byte to execute arbitrary code or modify critical program data.. EPSS estimates a 5.68% chance of exploitation in the next 30 days.

Description

serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow remote attackers to perform an "out-of-bounds" write for a single byte to execute arbitrary code or modify critical program data.

Metrics

EPSS Probability
5.68%

92.0th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

VendorProductVersions
CvsCvs1.10.7
CvsCvs1.10.8
CvsCvs1.11
CvsCvs1.11.1
CvsCvs1.11.1_p1
CvsCvs1.11.2
CvsCvs1.11.3
CvsCvs1.11.4
CvsCvs1.11.5
CvsCvs1.11.6
CvsCvs1.11.10
CvsCvs1.11.11
CvsCvs1.11.14
CvsCvs1.11.15
CvsCvs1.11.16
CvsCvs1.12.1
CvsCvs1.12.2
CvsCvs1.12.5
CvsCvs1.12.7
CvsCvs1.12.8
OpenpkgOpenpkgAll versions
OpenpkgOpenpkg1.3
OpenpkgOpenpkg2.0
SgiPropack2.4
SgiPropack3.0
GentooLinux1.4
OpenbsdOpenbsdAll versions
OpenbsdOpenbsd3.4
OpenbsdOpenbsd3.5

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2004-0418?
serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow remote attackers to perform an "out-of-bounds" write for a single byte to execute arbitrary code or modify critical program data.
How severe is CVE-2004-0418?
Severity scoring for CVE-2004-0418 is pending analysis. The EPSS model estimates a 5.68% probability of exploitation in the next 30 days.
How do I fix CVE-2004-0418?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2004-0418?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST