CVE-2003-0015

Severity CVSS v4.0:
Pending analysis
Type:
CWE-415 Double Free
Publication date:
07/02/2003
Last modified:
03/04/2025

Description

Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed Directory request, as demonstrated by bypassing write checks to execute Update-prog and Checkin-prog commands.

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:freebsd:freebsd:4.4:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:4.5:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:4.6:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:4.7:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:5.0:*:*:*:*:*:*:*
cpe:2.3:a:cvs:cvs:1.10.7:*:*:*:*:*:*:*
cpe:2.3:a:cvs:cvs:1.10.8:*:*:*:*:*:*:*
cpe:2.3:a:cvs:cvs:1.11:*:*:*:*:*:*:*
cpe:2.3:a:cvs:cvs:1.11.1:*:*:*:*:*:*:*
cpe:2.3:a:cvs:cvs:1.11.1p1:*:*:*:*:*:*:*
cpe:2.3:a:cvs:cvs:1.11.2:*:*:*:*:*:*:*
cpe:2.3:a:cvs:cvs:1.11.3:*:*:*:*:*:*:*
cpe:2.3:a:cvs:cvs:1.11.4:*:*:*:*:*:*:*


References to Advisories, Solutions, and Tools