CVE-2004-1471

Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a wrapper line.

Affected Software

Name	Vendor	Start Version	End Version
Cvs	Cvs	1.10.7 (including)	1.10.7 (including)
Cvs	Cvs	1.10.8 (including)	1.10.8 (including)
Cvs	Cvs	1.11 (including)	1.11 (including)
Cvs	Cvs	1.11.1 (including)	1.11.1 (including)
Cvs	Cvs	1.11.1_p1 (including)	1.11.1_p1 (including)
Cvs	Cvs	1.11.2 (including)	1.11.2 (including)
Cvs	Cvs	1.11.3 (including)	1.11.3 (including)
Cvs	Cvs	1.11.4 (including)	1.11.4 (including)
Cvs	Cvs	1.11.5 (including)	1.11.5 (including)
Cvs	Cvs	1.11.6 (including)	1.11.6 (including)
Cvs	Cvs	1.11.10 (including)	1.11.10 (including)
Cvs	Cvs	1.11.11 (including)	1.11.11 (including)
Cvs	Cvs	1.11.14 (including)	1.11.14 (including)
Cvs	Cvs	1.11.15 (including)	1.11.15 (including)
Cvs	Cvs	1.11.16 (including)	1.11.16 (including)
Cvs	Cvs	1.12.1 (including)	1.12.1 (including)
Cvs	Cvs	1.12.2 (including)	1.12.2 (including)
Cvs	Cvs	1.12.5 (including)	1.12.5 (including)
Cvs	Cvs	1.12.7 (including)	1.12.7 (including)
Cvs	Cvs	1.12.8 (including)	1.12.8 (including)
Openpkg	Openpkg	1.3 (including)	1.3 (including)
Openpkg	Openpkg	2.0 (including)	2.0 (including)
Openpkg	Openpkg	current (including)	current (including)
Propack	Sgi	2.4 (including)	2.4 (including)
Propack	Sgi	3.0 (including)	3.0 (including)

NVD	https://nvd.nist.gov/vuln/detail/CVE-2004-1471
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html

Affected Software

References