Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2003-0015

Published: 07/02/2003 Updated: 03/05/2018
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Freebsd

Vulnerability Summary

Double-free vulnerability in CVS 1.11.4 and previous versions allows remote malicious users to cause a denial of service and possibly execute arbitrary code via a malformed Directory request, as demonstrated by bypassing write checks to execute Update-prog and Checkin-prog commands.

Vulnerable Product Search on Vulmon Subscribe to Product

freebsd freebsd 4.4

freebsd freebsd 4.5

freebsd freebsd 4.6

freebsd freebsd 4.7

freebsd freebsd 5.0

cvs cvs 1.11.1

cvs cvs 1.11.1p1

cvs cvs 1.10.8

cvs cvs 1.11

cvs cvs 1.11.2

cvs cvs 1.11.3

cvs cvs 1.10.7

cvs cvs 1.11.4

Vendor Advisories

Debian Security Advisories: DSA-233-1 cvs -- doubly freed memory
Stefan Esser discovered a problem in cvs, a concurrent versions system, which is used for many Free Software projects The current version contains a flaw that can be used by a remote attacker to execute arbitrary code on the CVS server under the user id the CVS server runs as Anonymous read-only access is sufficient to exploit this problem For t ...

Exploits

Exploit DB: CVS 1.11.x - Directory Request Double-Free Heap Corruption
source: wwwsecurityfocuscom/bid/6650/info CVS is prone to a double free vulnerability in the Directory requests An attacker may potentially take advantage of this issue to cause heap memory to be corrupted with attacker-supplied values, which may result in execution of arbitrary code githubcom/offensive-security/exploitdb-bin- ...

References

CWE-415http://security.e-matters.de/advisories/012003.htmlhttp://rhn.redhat.com/errata/RHSA-2003-013.htmlhttp://www.kb.cert.org/vuls/id/650937http://ccvs.cvshome.org/servlets/NewsItemView?newsID=51&JServSessionIdservlets=5of2iuhr14http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0028.htmlhttp://www.cert.org/advisories/CA-2003-02.htmlhttp://www.debian.org/security/2003/dsa-233http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:009http://www.redhat.com/support/errata/RHSA-2003-012.htmlhttp://www.ciac.org/ciac/bulletins/n-032.shtmlhttp://www.securityfocus.com/bid/6650http://marc.info/?l=bugtraq&m=104438807203491&w=2http://marc.info/?l=bugtraq&m=104342550612736&w=2http://marc.info/?l=bugtraq&m=104428571204468&w=2http://marc.info/?l=bugtraq&m=104333092200589&w=2https://exchange.xforce.ibmcloud.com/vulnerabilities/11108https://nvd.nist.govhttps://www.debian.org/security/./dsa-233https://www.exploit-db.com/exploits/22187/https://www.kb.cert.org/vuls/id/650937
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
XXECVE-2024-34490SQL injectionCVE-2024-34488CVE-2024-4507CVE-2023-7028CVE-2024-23187TCPCVE-2024-4439
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook