CVE-2004-0396
cvs - heap overflow
EPSS 86.6%
Description
Heap-based buffer overflow in CVS 1.11.x up to 1.11.15, and 1.12.x up to 1.12.7, when using the pserver mechanism, allows remote attackers to execute arbitrary code via Entry lines.
How to fix CVE-2004-0396
To remediate CVE-2004-0396, upgrade the affected package to one of the fixed versions listed below.
- Debian/cvs—upgrade to 1:1.12.5-6 or later
- Debian/cvs—upgrade to 1.11.1p1debian-9woody4 or later
Is CVE-2004-0396 being exploited?
Likely — EPSS is 86.6%, placing CVE-2004-0396 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.
Affected packages (2)
- from 0, < 1:1.12.5-6
- from 0, < 1.11.1p1debian-9woody4