Vulnerability in N/a
CVE-2004-0397
Stack-based buffer overflow during the apr_time_t data conversion in Subversion 1.0.2 and earlier allows remote attackers to execute arbitrary code via a (1) DAV2 REPORT query or (2) get-dated-rev svn-protocol command.
EPSS: 0.866 (99.4th percentile) — read the EPSS interpretation.
Affected products
- N/a — versions n/a
Public proof-of-concept exploits
References
- 10386 (vdb-entry, x_refsource_BID)
- FLSA:1748 (vendor-advisory, x_refsource_FEDORA)
- 20040519 Advisory 08/2004: Subversion remote vulnerability (mailing-list, x_refsource_FULLDISC)
- subversion.tigris.org/svn-sscanf-advisory.txt (x_refsource_CONFIRM)
- 20040519 Advisory 08/2004: Subversion remote vulnerability (mailing-list, x_refsource_BUGTRAQ)
- 20040519 [OpenPKG-SA-2004.023] OpenPKG Security Advisory (subversion) (mailing-list, x_refsource_BUGTRAQ)
- FEDORA-2004-128 (vendor-advisory, x_refsource_FEDORA)
- GLSA-200405-14 (vendor-advisory, x_refsource_GENTOO)
- 6301 (x_refsource_OSVDB, vdb-entry)
- 11675 (x_refsource_SECUNIA, third-party-advisory)
Frequently asked questions
- What is CVE-2004-0397?
- CVE-2004-0397 is a vulnerability in N/a. Published 2004-05-28.
- Is CVE-2004-0397 known to be exploited?
- 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.