CVE-2004-0413 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2004-0413
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2004-0413

Description: libsvn_ra_svn in Subversion 1.0.4 trusts the length field of (1) svn://, (2) svn+ssh://, and (3) other svn protocol URL strings, which allows remote attackers to cause a denial of service (memory consumption) and possibly execute arbitrary code via an integer overflow that leads to a heap-based buffer overflow.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/16396 SUSE http://www.novell.com/linux/security/advisories/2004_18_subversion.html GENTOO http://www.gentoo.org/security/en/glsa/glsa-200406-07.xml FEDORA http://www.securityfocus.com/advisories/6847 CONFIRM http://subversion.tigris.org/security/CAN-2004-0413-advisory.txt BUGTRAQ http://www.securityfocus.com/archive/1/365836 BID 10519

Return to the previous page.