CVE-2000-0338
— CWE-667
- CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
- Published: 2000-04-23T04:00:00.000
- Last modified: 2025-04-03T01:03:51.193
- CWE: CWE-667
CVE-2000-0338 — Concurrent Versions Software (CVS) uses predictable temporary file names for locking, which allows local users to cause a denial of service by creating the lock directory before it is created for use by a legitimate CVS user. [Severity (CVSS) 5.5 · Weakness: CWE-667]
Related CVE by CWE
No related CWE found.
Top CVE for Vendor
No vendor taxonomy on this entry.
Recently Exploited Similar Vulnerabilities
No recent KEV-listed items for this vendor/product.
Concurrent Versions Software (CVS) uses predictable temporary file names for locking, which allows local users to cause a denial of service by creating the lock directory before it is created for use by a legitimate CVS user.
🧠 Explainer: What this vulnerability means
Summary: A flaw in the product from the vendor (CWE: unspecified) can be exploited.
Impact: Potential impact includes remote code execution, data theft, or denial of service.
Mitigation: Until patched, restrict exposure, enforce least privilege, and monitor for suspicious activity.
No vendor/product data yet.
- http://www.securityfocus.com/bid/1136 [Broken Link, Exploit, Patch, Third Party Advisory, VDB Entry, Vendor Advisory]
- http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3D20000423174038.A520%40clico.pl [Broken Link, Third Party Advisory, VDB Entry]
- http://www.securityfocus.com/bid/1136 [Broken Link, Exploit, Patch, Third Party Advisory, VDB Entry, Vendor Advisory]
- http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3D20000423174038.A520%40clico.pl [Broken Link, Third Party Advisory, VDB Entry]