VDB
CVE-2004-0396
CVE-2004-0396
PUBLISHED
CVSS 7.5 HIGH
Heap-based buffer overflow in CVS 1.11.x up to 1.11.15, and 1.12.x up to 1.12.7, when using the pserver mechanism allows remote attackers to execute arbitrary code via Entry lines.
EPSS 86.59% · 99.4th percentile
Risk Scores
CVSS 2.0
7.5
EPSS Score
86.59%
99.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| cvs | cvs | 1.12, 1.11 |
| n/a | n/a | n/a |
Timeline
- May 20, 2004 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Sep 8, 2023 EPSS Score
References
- 11641 third-party-advisory
- 11652 third-party-advisory
- oval:org.mitre.oval:def:970 vdb
- 20040519 [OpenPKG-SA-2004.022] OpenPKG Security Advisory (cvs) mailing-list
- oval:org.mitre.oval:def:9058 vdb
- MDKSA-2004:048 vendor-advisory
- 20040519 Advisory 07/2004: CVS remote vulnerability mailing-list
- 20040520 cvs server buffer overflow vulnerability vendor-advisory
- FreeBSD-SA-04:10 vendor-advisory
- RHSA-2004:190 vendor-advisory
- 11674 third-party-advisory
- GLSA-200405-12 vendor-advisory
- 11651 third-party-advisory
- 6305 vdb
- TA04-147A third-party-advisory
- O-147 third-party-advisory
- 20040519 Advisory 07/2004: CVS remote vulnerability mailing-list
- 11647 third-party-advisory
- FEDORA-2004-1620 vendor-advisory
- VU#192038 third-party-advisory
…and 9 more