10

CVE-2004-0413

libsvn_ra_svn in Subversion 1.0.4 trusts the length field of (1) svn://, (2) svn+ssh://, and (3) other svn protocol URL strings, which allows remote attackers to cause a denial of service (memory consumption) and possibly execute arbitrary code via an integer overflow that leads to a heap-based buffer overflow.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpenpkgOpenpkg Version2.0
SubversionSubversion Version1.0
SubversionSubversion Version1.0.1
SubversionSubversion Version1.0.2
SubversionSubversion Version1.0.3
SubversionSubversion Version1.0.4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 5.88% 0.923
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://bugzilla.fedora.us/show_bug.cgi?id=1748
http://subversion.tigris.org/security/CAN-2004-0413-advisory.txt
http://www.gentoo.org/security/en/glsa/glsa-200406-07.xml
Vendor Advisory
http://www.novell.com/linux/security/advisories/2004_18_subversion.html
http://www.securityfocus.com/advisories/6847
http://www.securityfocus.com/archive/1/365836
http://www.securityfocus.com/bid/10519
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/16396