CVE-2004-0416

Description

Double free vulnerability for the error_prog_name string in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to execute arbitrary code.

Software From Fixed in
openbsd / openbsd - -
openbsd / openbsd 3.4 3.4.x
openbsd / openbsd 3.5 3.5.x
cvs / cvs 1.10.7 1.10.7.x
cvs / cvs 1.10.8 1.10.8.x
cvs / cvs 1.11 1.11.x
cvs / cvs 1.11.1 1.11.1.x
cvs / cvs 1.11.1_p1 1.11.1_p1.x
cvs / cvs 1.11.10 1.11.10.x
cvs / cvs 1.11.11 1.11.11.x
cvs / cvs 1.11.14 1.11.14.x
cvs / cvs 1.11.15 1.11.15.x
cvs / cvs 1.11.16 1.11.16.x
cvs / cvs 1.11.2 1.11.2.x
cvs / cvs 1.11.3 1.11.3.x
cvs / cvs 1.11.4 1.11.4.x
cvs / cvs 1.11.5 1.11.5.x
cvs / cvs 1.11.6 1.11.6.x
cvs / cvs 1.12.1 1.12.1.x
cvs / cvs 1.12.2 1.12.2.x
cvs / cvs 1.12.5 1.12.5.x
cvs / cvs 1.12.7 1.12.7.x
cvs / cvs 1.12.8 1.12.8.x
openpkg / openpkg - -
openpkg / openpkg 1.3 1.3.x
openpkg / openpkg 2.0 2.0.x
gentoo / linux 1.4 1.4.x
sgi / propack 2.4 2.4.x
sgi / propack 3.0 3.0.x