Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-0397Improper Restriction of Operations within the Bounds of a Memory Buffer in Subversion

8 documents6 sources
Severity
7.5HIGHNVD
EPSS
86.6%
top 0.58%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Apache SubversionSubversion
Timeline
PublishedJul 7
Latest updateApr 29

Description

Stack-based buffer overflow during the apr_time_t data conversion in Subversion 1.0.2 and earlier allows remote attackers to execute arbitrary code via a (1) DAV2 REPORT query or (2) get-dated-rev svn-protocol command.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

Debianapache/subversion< 1.0.3-1+3
NVDsubversion/subversion1.0, 1.0.1, 1.0.2+2

Patches

Patch: www.securityfocus.comPatch: www.securityfocus.comPatch: www.securityfocus.com

🔴Vulnerability Details

3
GHSA
GHSA-vwxm-8m4v-97wg: Stack-based buffer overflow during the apr_time_t data conversion in Subversion 12022-04-29
OSV
CVE-2004-0397: Stack-based buffer overflow during the apr_time_t data conversion in Subversion 12004-07-07
CVEList
CVE-2004-0397: Stack-based buffer overflow during the apr_time_t data conversion in Subversion 12004-05-28

💥Exploits & PoCs

3
Exploit-DB
Subversion - Date Svnserve (Metasploit)2010-08-07
Exploit-DB
Subversion 1.0.2 - 'svn_time_from_cstring()' Remote Overflow2004-06-25
Exploit-DB
Subversion 1.0.2 - Date Overflow (Metasploit)2004-05-19

📋Vendor Advisories

1
Debian
CVE-2004-0397: subversion - Stack-based buffer overflow during the apr_time_t data conversion in Subversion ...2004
CVE-2004-0397 — Subversion vulnerability | cvebase