Public Date:

The MITRE CVE dictionary describes this issue as:

CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed "Entry" lines, which prevents a NULL terminator from being used and may lead to a denial of service (crash), modification of critical program data, or arbitrary code execution.

Find out more about CVE-2004-0414 from the MITRE CVE dictionary dictionary and NIST NVD.

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux version 2.1 (cvs) RHSA-2004:233 2004-06-09
Red Hat Enterprise Linux version 3 (cvs) RHSA-2004:233 2004-06-09


Red Hat would like to thank Derek Price for auditing, disclosing, and providing a patch for this issue.