CVE-2004-0456

3 documents3 sources

Severity

7.6HIGH

EPSS

1.3%

top 20.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Debian Linux Gentoo Linux Pavuk Pavuk

Timeline

PublishedDec 6

Latest updateApr 29

Description

Stack-based buffer overflow in pavuk 0.9pl28, 0.9pl27, and possibly other versions allows remote web sites to execute arbitrary code via a long HTTP Location header.

CVSS vector

AV:N/AC:H/C:C/I:C/A:CExploitability: 4.9 | Impact: 10.0

Affected Packages2 packages

▶NVDpavuk/pavuk0.928r1, 0.9pl28i+1

▶NVDgentoo/linux1.1a, 1.2, 1.4+2

Also affects: Debian Linux 3.0

Patches

Patch: security.gentoo.org ↗Patch: www.debian.org ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-v2xf-m5vw-px6j: Stack-based buffer overflow in pavuk 0↗2022-04-29

▶

CVEList

CVE-2004-0456: Stack-based buffer overflow in pavuk 0↗2004-07-06

▶