CVE-2004-0397
published 2004-07-07CVE-2004-0397: Stack-based buffer overflow during the apr_time_t data conversion in Subversion 1.0.2 and earlier allows remote attackers to execute arbitrary code via a (1)…
high7.5CVSS 3.1
AVNACLAuNCPIPAP
EXPLOIT
Stack-based buffer overflow during the apr_time_t data conversion in Subversion 1.0.2 and earlier allows remote attackers to execute arbitrary code via a (1) DAV2 REPORT query or (2) get-dated-rev svn-protocol command.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | subversion | >= 0 < 1.0.3-1 | 1.0.3-1 |
| apache | subversion | >= 0 < 1.0.3-1 | 1.0.3-1 |
| apache | subversion | >= 0 < 1.0.3-1 | 1.0.3-1 |
| apache | subversion | >= 0 < 1.0.3-1 | 1.0.3-1 |
| debian | subversion | < subversion 1.0.3-1 (bookworm) | subversion 1.0.3-1 (bookworm) |
| subversion | subversion | — | — |
| subversion | subversion | — | — |
| subversion | subversion | — | — |
CVSS provenance
nvd7.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv7.5HIGH