CVE-2004-1471

Cvs - Denial of Service

Title source: rule

Description

Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a wrapper line.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Gyan Chawdhary · clocallinux

https://www.exploit-db.com/exploits/24182

View Code ZIP pw:eip

References (5)

[Various Sources] http://security.e-matters.de/advisories/092004.html

[Patch] http://www.securityfocus.com/bid/10499

[Vendor Advisory] ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:14.cvs.asc

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/16365

[Vendor Advisory] http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html

Scores

EPSS 0.0595

EPSS Percentile 90.7%

Details

Status published

Products (44)

cvs/cvs 1.10.7

cvs/cvs 1.10.8

cvs/cvs 1.11

cvs/cvs 1.11.1

cvs/cvs 1.11.1_p1

cvs/cvs 1.11.2

cvs/cvs 1.11.3

cvs/cvs 1.11.4

cvs/cvs 1.11.5

cvs/cvs 1.11.6

... and 34 more

Published Dec 31, 2004

Tracked Since Feb 18, 2026