CVE-2003-0015

Published: Feb 7, 2003Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed Directory request, as demonstrated by bypassing write checks to execute Update-prog and Checkin-prog commands.

Affected (13)

Products: Freebsd: Freebsd · Cvs: Cvs

1 product

1 product

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Freebsd Freebsd	Version 4.4
Freebsd Freebsd	Version 4.5
Freebsd Freebsd	Version 4.6
Freebsd Freebsd	Version 4.7
Freebsd Freebsd	Version 5.0

Configuration B

8 vulnerable

Vulnerable Software	Affected Versions
Cvs Cvs	Version 1.10.7
Cvs Cvs	Version 1.10.8
Cvs Cvs	Version 1.11.1
Cvs Cvs	Version 1.11.1p1
Cvs Cvs	Version 1.11.2
Cvs Cvs	Version 1.11.3
Cvs Cvs	Version 1.11.4
Cvs Cvs	Version 1.11

Related CWEs

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

References (32)

http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0028.html

Source: cve@mitre.org

http://ccvs.cvshome.org/servlets/NewsItemView?newsID=51&JServSessionIdservlets=5of2iuhr14

Source: cve@mitre.org

Broken Link

http://marc.info/?l=bugtraq&m=104333092200589&w=2

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=104342550612736&w=2

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=104428571204468&w=2

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=104438807203491&w=2

Source: cve@mitre.org

http://rhn.redhat.com/errata/RHSA-2003-013.html

Source: cve@mitre.org

PatchVendor Advisory

http://security.e-matters.de/advisories/012003.html

Source: cve@mitre.org

PatchVendor Advisory

http://www.cert.org/advisories/CA-2003-02.html

Source: cve@mitre.org

US Government Resource

http://www.ciac.org/ciac/bulletins/n-032.shtml

Source: cve@mitre.org

http://www.debian.org/security/2003/dsa-233

Source: cve@mitre.org

http://www.kb.cert.org/vuls/id/650937

Source: cve@mitre.org

Third Party AdvisoryUS Government Resource

http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:009

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2003-012.html

Source: cve@mitre.org

http://www.securityfocus.com/bid/6650

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/11108

Source: cve@mitre.org

http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0028.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://ccvs.cvshome.org/servlets/NewsItemView?newsID=51&JServSessionIdservlets=5of2iuhr14

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://marc.info/?l=bugtraq&m=104333092200589&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://marc.info/?l=bugtraq&m=104342550612736&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://marc.info/?l=bugtraq&m=104428571204468&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://marc.info/?l=bugtraq&m=104438807203491&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2003-013.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://security.e-matters.de/advisories/012003.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.cert.org/advisories/CA-2003-02.html

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.ciac.org/ciac/bulletins/n-032.shtml

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2003/dsa-233

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.kb.cert.org/vuls/id/650937

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:009

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/support/errata/RHSA-2003-012.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/6650

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/11108

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.