Lucene search

[email protected]CVE-2004-0417

HistoryAug 06, 2004 - 4:00 a.m.

CVE-2004-0417

2004-08-0604:00:00

[email protected]

web.nvd.nist.gov

cve-2004-0417

integer overflow

max-dotdot

cvs protocol command

server crash

disk space

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.5 Medium

AI Score

Confidence

Low

0.931 High

EPSS

Percentile

99.1%

JSON

Integer overflow in the “Max-dotdot” CVS protocol command (serve_max_dotdot) for CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to cause a server crash, which could cause temporary data to remain undeleted and consume disk space.

Affected configurations

NVD

Node

cvscvsMatch1.10.7

cvscvsMatch1.10.8

cvscvsMatch1.11

cvscvsMatch1.11.1

cvscvsMatch1.11.1_p1

cvscvsMatch1.11.2

cvscvsMatch1.11.3

cvscvsMatch1.11.4

cvscvsMatch1.11.5

cvscvsMatch1.11.6

cvscvsMatch1.11.10

cvscvsMatch1.11.11

cvscvsMatch1.11.14

cvscvsMatch1.11.15

cvscvsMatch1.11.16

cvscvsMatch1.12.1

cvscvsMatch1.12.2

cvscvsMatch1.12.5

cvscvsMatch1.12.7

cvscvsMatch1.12.8

openpkgopenpkg

openpkgopenpkgMatch1.3

openpkgopenpkgMatch2.0

sgipropackMatch2.4

sgipropackMatch3.0

Node

gentoolinuxMatch1.4

openbsdopenbsd

openbsdopenbsdMatch3.4

openbsdopenbsdMatch3.5

CPENameOperatorVersion
cvs:cvscvseq1.10.7
cvs:cvscvseq1.10.8
cvs:cvscvseq1.11
cvs:cvscvseq1.11.1
cvs:cvscvseq1.11.1_p1
cvs:cvscvseq1.11.2
cvs:cvscvseq1.11.3
cvs:cvscvseq1.11.4
cvs:cvscvseq1.11.5
cvs:cvscvseq1.11.6

CPE	Name	Operator	Version
cvs:cvs	cvs	eq	1.10.7
cvs:cvs	cvs	eq	1.10.8
cvs:cvs	cvs	eq	1.11
cvs:cvs	cvs	eq	1.11.1
cvs:cvs	cvs	eq	1.11.1_p1
cvs:cvs	cvs	eq	1.11.2
cvs:cvs	cvs	eq	1.11.3
cvs:cvs	cvs	eq	1.11.4
cvs:cvs	cvs	eq	1.11.5
cvs:cvs	cvs	eq	1.11.6