Unrated severityNVD Advisory· Published Aug 6, 2004· Updated Jun 16, 2026
CVE-2004-0413
CVE-2004-0413
Description
libsvn_ra_svn in Subversion 1.0.4 trusts the length field of (1) svn://, (2) svn+ssh://, and (3) other svn protocol URL strings, which allows remote attackers to cause a denial of service (memory consumption) and possibly execute arbitrary code via an integer overflow that leads to a heap-based buffer overflow.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
8cpe:2.3:a:subversion:subversion:1.0:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:subversion:subversion:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.0.4:*:*:*:*:*:*:*
- (no CPE)range: =1.0.4
Patches
Vulnerability mechanics
References
8- www.securityfocus.com/bid/10519nvdPatchVendor Advisory
- www.gentoo.org/security/en/glsa/glsa-200406-07.xmlnvdVendor Advisory
- subversion.tigris.org/security/CAN-2004-0413-advisory.txtnvd
- www.novell.com/linux/security/advisories/2004_18_subversion.htmlnvd
- www.securityfocus.com/advisories/6847nvd
- www.securityfocus.com/archive/1/365836nvd
- bugzilla.fedora.us/show_bug.cginvd
- exchange.xforce.ibmcloud.com/vulnerabilities/16396nvd
News mentions
0No linked articles in our index yet.