CVE-2003-0015

CVS - Double Free

Description

Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed Directory request, as demonstrated by bypassing write checks to execute Update-prog and Checkin-prog commands.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Stefan Esser · text · remote · linux
https://www.exploit-db.com/exploits/22187

Scores

EPSS 0.3775
EPSS Percentile 97.1%

Classification

CWE
CWE-415
Status draft

Affected Products (13)

cvs/cvs
freebsd/freebsd
freebsd/freebsd
freebsd/freebsd
freebsd/freebsd
freebsd/freebsd
cvs/cvs
cvs/cvs
cvs/cvs
cvs/cvs
cvs/cvs
cvs/cvs
cvs/cvs

Timeline

Published Feb 07, 2003
Tracked Since Feb 18, 2026