CVE Vulnerabilities

CVE-2004-1471

Published: Dec 31, 2004 | Modified: Jul 11, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.1 HIGH
AV:N/AC:H/Au:S/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a wrapper line.

Affected Software

Name Vendor Start Version End Version
Cvs Cvs 1.10.7 1.10.7
Cvs Cvs 1.10.8 1.10.8
Cvs Cvs 1.11 1.11
Cvs Cvs 1.11.1 1.11.1
Cvs Cvs 1.11.1_p1 1.11.1_p1
Cvs Cvs 1.11.2 1.11.2
Cvs Cvs 1.11.3 1.11.3
Cvs Cvs 1.11.4 1.11.4
Cvs Cvs 1.11.5 1.11.5
Cvs Cvs 1.11.6 1.11.6
Cvs Cvs 1.11.10 1.11.10
Cvs Cvs 1.11.11 1.11.11
Cvs Cvs 1.11.14 1.11.14
Cvs Cvs 1.11.15 1.11.15
Cvs Cvs 1.11.16 1.11.16
Cvs Cvs 1.12.1 1.12.1
Cvs Cvs 1.12.2 1.12.2
Cvs Cvs 1.12.5 1.12.5
Cvs Cvs 1.12.7 1.12.7
Cvs Cvs 1.12.8 1.12.8
Openpkg Openpkg 1.3 1.3
Openpkg Openpkg 2.0 2.0
Openpkg Openpkg current current
Propack Sgi 2.4 2.4
Propack Sgi 3.0 3.0

References