CVE-2004-0416

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.1650%

EPSS Percentile11.79th

Published2004年8月6日

Last Modified2026年4月16日

Vulnerability Description

Double free vulnerability for the error_prog_name string in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to execute arbitrary code.

Affected Platforms (CPE)

📦

Cvs

= 1.10.7

📦

Cvs

= 1.10.8

📦

Cvs

= 1.11

📦

Cvs

= 1.11.1

📦

Cvs

= 1.11.1_p1

📦

Cvs

= 1.11.2

📦

Cvs

= 1.11.3

📦

Cvs

= 1.11.4

📦

Cvs

= 1.11.5

📦

Cvs

= 1.11.6

📦

Cvs

= 1.11.10

📦

Cvs

= 1.11.11

📦

Cvs

= 1.11.14

📦

Cvs

= 1.11.15

📦

Cvs

= 1.11.16

📦

Cvs

= 1.12.1

📦

Cvs

= 1.12.2

📦

Cvs

= 1.12.5

📦

Cvs

= 1.12.7

📦

Cvs

= 1.12.8

📦

Openpkg

All versions

📦

Openpkg

= 1.3

📦

Openpkg

= 2.0

📦

Sgi

Propack

= 2.4

📦

Sgi

Propack

= 3.0

💻

Gentoo

Linux

= 1.4

💻

Openbsd

All versions

💻

Openbsd

= 3.4

💻

Openbsd

= 3.5

References & Advisories

🔗 ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc

🔗 ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc

🔗 http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html

🔗 http://marc.info/?l=bugtraq&m=108716553923643&w=2

🔗 http://security.e-matters.de/advisories/092004.html

🔗 http://security.gentoo.org/glsa/glsa-200406-06.xml

🔗 http://www.debian.org/security/2004/dsa-519

🔗 http://www.mandriva.com/security/advisories?name=MDKSA-2004:058

Vulnerability Description

Affected Platforms (CPE)

Cvs

Cvs

Cvs

Cvs

Cvs

Cvs

Cvs

Cvs

Cvs

Cvs

Cvs

Cvs

Cvs

Cvs

Cvs

Cvs

Cvs

Cvs

Cvs

Cvs

Openpkg

Openpkg

Openpkg

Propack

Propack

Linux

Openbsd

Openbsd

Openbsd

References & Advisories

関連する脆弱性情報