Double-free vulnerability in CVS 1.11.4 and previous versions allows remote malicious users to cause a denial of service and possibly execute arbitrary code via a malformed Directory request, as demonstrated by bypassing write checks to execute Update-prog and Checkin-prog commands.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
freebsd freebsd 4.4 |
||
freebsd freebsd 4.5 |
||
freebsd freebsd 4.6 |
||
freebsd freebsd 4.7 |
||
freebsd freebsd 5.0 |
||
cvs cvs 1.11.1 |
||
cvs cvs 1.11.1p1 |
||
cvs cvs 1.10.8 |
||
cvs cvs 1.11 |
||
cvs cvs 1.11.2 |
||
cvs cvs 1.11.3 |
||
cvs cvs 1.10.7 |
||
cvs cvs 1.11.4 |