VYPR
Unrated severityNVD Advisory· Published Aug 6, 2004· Updated Jun 16, 2026

CVE-2004-0413

CVE-2004-0413

Description

libsvn_ra_svn in Subversion 1.0.4 trusts the length field of (1) svn://, (2) svn+ssh://, and (3) other svn protocol URL strings, which allows remote attackers to cause a denial of service (memory consumption) and possibly execute arbitrary code via an integer overflow that leads to a heap-based buffer overflow.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

8
  • OpenPKG/Openpkg2 versions
    cpe:2.3:a:openpkg:openpkg:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:openpkg:openpkg:*:*:*:*:*:*:*:*
    • cpe:2.3:a:openpkg:openpkg:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:subversion:subversion:1.0:*:*:*:*:*:*:*+ 5 more
    • cpe:2.3:a:subversion:subversion:1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:subversion:subversion:1.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:subversion:subversion:1.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:subversion:subversion:1.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:subversion:subversion:1.0.4:*:*:*:*:*:*:*
    • (no CPE)range: =1.0.4

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.