Vulnerability/
CVE-2004-0416

CVE-2004-0416: Buffer Overflow

Published Jun 11, 2004

·

Updated

Double free vulnerability for the errorprogname string in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to execute arbitrary code.

Affected Software

29 affected components

CVS CVS=1.10.7

CVS CVS=1.10.8

CVS CVS=1.11

CVS CVS=1.11.1

CVS CVS=1.11.1_p1

CVS CVS=1.11.2

CVS CVS=1.11.3

CVS CVS=1.11.4

CVS CVS=1.11.5

CVS CVS=1.11.6

CVS CVS=1.11.10

CVS CVS=1.11.11

CVS CVS=1.11.14

CVS CVS=1.11.15

CVS CVS=1.11.16

CVS CVS=1.12.1

CVS CVS=1.12.2

CVS CVS=1.12.5

CVS CVS=1.12.7

CVS CVS=1.12.8

Openpkg Openpkg

Openpkg Openpkg=1.3

Openpkg Openpkg=2.0

Sgi Propack=2.4

Sgi Propack=3.0

Gentoo Linux=1.4

OpenBSD OpenBSD

OpenBSD OpenBSD=3.4

OpenBSD OpenBSD=3.5

Remediation

Patch Available

http://www.debian.org/security/2004/dsa-519

Event History

Jun 11, 2004

CVE Published

via MITRE·08:00 AM

Data Sourced

via MITRE·08:00 AM

Description

Frequently Asked Questions

1

What is the severity of CVE-2004-0416?

CVE-2004-0416 is classified with a high severity due to the potential for remote attackers to execute arbitrary code.

2

How do I fix CVE-2004-0416?

To fix CVE-2004-0416, upgrade to a version of CVS that is not affected, such as 1.12.9 or later.

3

Which versions of CVS are affected by CVE-2004-0416?

CVE-2004-0416 affects CVS versions 1.12.1 through 1.12.8 and 1.11.x through 1.11.16.

4

What type of vulnerability is CVE-2004-0416?

CVE-2004-0416 is a double free vulnerability which can allow attackers to exploit memory management issues.

5

Can CVE-2004-0416 be exploited remotely?

Yes, CVE-2004-0416 can be exploited remotely, making it particularly dangerous to vulnerable systems.

CVSS Score

10.0Critical

Critical Severity

AV:N/AC:L/Au:N/C:C/I:C/A:C

Security Metrics

Risk Score87

Severitycritical(10)

CWE

119415

Timeline

PublishedJun 11, 2004

Updated

References

Tags

agent/weaknessagent/typeagent/last-modified-dateagent/severityagent/remedyagent/referencesagent/authoragent/descriptionagent/first-publish-dateagent/sourcecollector/nvd-indexagent/software-canonical-lookup-requestcollector/nvd-historicalagent/softwarecombineagent/risk-scoreagent/tagscollector/mitre-cvesource/MITREagent/eventvendor/cvscanonical/cvs cvsversion/cvs cvs/1.10.7version/cvs cvs/1.10.8version/cvs cvs/1.11version/cvs cvs/1.11.1version/cvs cvs/1.11.1_p1version/cvs cvs/1.11.2version/cvs cvs/1.11.3version/cvs cvs/1.11.4version/cvs cvs/1.11.5version/cvs cvs/1.11.6version/cvs cvs/1.11.10version/cvs cvs/1.11.11version/cvs cvs/1.11.14version/cvs cvs/1.11.15version/cvs cvs/1.11.16version/cvs cvs/1.12.1version/cvs cvs/1.12.2version/cvs cvs/1.12.5version/cvs cvs/1.12.7version/cvs cvs/1.12.8vendor/openpkgcanonical/openpkg openpkgversion/openpkg openpkg/1.3version/openpkg openpkg/2.0vendor/sgicanonical/sgi propackversion/sgi propack/2.4version/sgi propack/3.0vendor/gentoocanonical/gentoo linuxversion/gentoo linux/1.4vendor/openbsdcanonical/openbsd openbsdversion/openbsd openbsd/3.4version/openbsd openbsd/3.5

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203