Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-1471

6 documents6 sources

Severity

7.1HIGH

EPSS

5.9%

top 9.36%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

CVS CVS Freebsd Freebsd Gentoo Linux +3 more

Timeline

PublishedDec 31

Latest updateMay 3

Description

Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a wrapper line.

CVSS vector

AV:N/AC:H/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages6 packages

▶Debiancvs< 1:1.12.9+3

▶NVDcvs/cvs20 versions+19

▶NVDsgi/propack2.4, 3.0+1

▶NVDgentoo/linux1.4

▶NVDopenbsd/openbsd3.4, 3.5, current+2

Also affects: Freebsd 1.1.5.1, 2.0, 2.0.5, 2.1.0, 2.1.5, 2.1.6, 2.1.6.1, 2.1.7.1, 2.2, 2.2.2, 2.2.3, 2.2.4, 2.2.5, 2.2.6, 2.2.8, 3.0, 3.1, 3.2, 3.3, 3.4, 3.5, 3.5.1, 4.0, 4.1, 4.1.1, 4.10, 4.2, 4.3, 4.4, 4.5, 4.6, 4.6.2, 4.7, 4.8, 4.9, 5.0, 5.1, 5.2, 5.2.1

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-mpm3-c55x-2wp9: Format string vulnerability in wrapper↗2022-05-03

▶

CVEList

CVE-2004-1471: Format string vulnerability in wrapper↗2005-02-13

▶

OSV

CVE-2004-1471: Format string vulnerability in wrapper↗2004-12-31

▶

💥Exploits & PoCs

Exploit-DB

CVS 1.11.x - Multiple Vulnerabilities↗2004-06-09

▶

📋Vendor Advisories

Debian

CVE-2004-1471: cvs - Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11....↗2004

▶