CVE-2004-1471

CVS 1.11.x-1.11.16 and 1.12.x-1.12.8 - Remote Code Execution via Format String in Wrapper Line

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-1471. PoCs published by Gyan Chawdhary.

AI-analyzed exploit summary This exploit targets a double-free vulnerability in CVS <= 1.11.15 via the error_prog_name buffer, leveraging heap manipulation to achieve remote code execution. It uses a crafted sequence of Argumentx and Argument commands to corrupt memory and execute shellcode.

Description

Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a wrapper line.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Gyan Chawdhary · clocallinux

https://www.exploit-db.com/exploits/24182

View Code ZIP pw:eip

This exploit targets a double-free vulnerability in CVS <= 1.11.15 via the error_prog_name buffer, leveraging heap manipulation to achieve remote code execution. It uses a crafted sequence of Argumentx and Argument commands to corrupt memory and execute shellcode.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Complex

Reliability

Racy

Target: CVS <= 1.11.15

No auth needed

Prerequisites: Network access to CVS pserver (port 2401) · Specific glibc version (e.g., 2.3.x) for reliable heap layout

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Various Sources x_refsource_misc

http://security.e-matters.de/advisories/092004.html

Patch vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/10499

Vendor Advisory vendor-advisory x_refsource_freebsd

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:14.cvs.asc

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/16365

Vendor Advisory mailing-list x_refsource_fulldisc

http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html

Scores

EPSS 0.0772

EPSS Percentile 93.8%

Details

Status published

Products (44)

cvs/cvs 1.10.7

cvs/cvs 1.10.8

cvs/cvs 1.11

cvs/cvs 1.11.1

cvs/cvs 1.11.1_p1

cvs/cvs 1.11.2

cvs/cvs 1.11.3

cvs/cvs 1.11.4

cvs/cvs 1.11.5

cvs/cvs 1.11.6

... and 34 more

Published Dec 31, 2004

Tracked Since Feb 18, 2026