7.5

CVE-2003-0015

Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed Directory request, as demonstrated by bypassing write checks to execute Update-prog and Checkin-prog commands.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FreebsdFreebsd Version4.4
FreebsdFreebsd Version4.5
FreebsdFreebsd Version4.6
FreebsdFreebsd Version4.7
FreebsdFreebsd Version5.0
CvsCvs Version1.10.7
CvsCvs Version1.10.8
CvsCvs Version1.11
CvsCvs Version1.11.1
CvsCvs Version1.11.1p1
CvsCvs Version1.11.2
CvsCvs Version1.11.3
CvsCvs Version1.11.4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 23.87% 0.975
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-415 Double Free

The product calls free() twice on the same memory address.

http://marc.info/?l=bugtraq&m=104333092200589&w=2
http://www.redhat.com/support/errata/RHSA-2003-012.html
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0028.html
http://ccvs.cvshome.org/servlets/NewsItemView?newsID=51&JServSessionIdservlets=5of2iuhr14
Broken Link
http://marc.info/?l=bugtraq&m=104342550612736&w=2
http://marc.info/?l=bugtraq&m=104428571204468&w=2
http://marc.info/?l=bugtraq&m=104438807203491&w=2
http://rhn.redhat.com/errata/RHSA-2003-013.html
Patch
Vendor Advisory
http://security.e-matters.de/advisories/012003.html
Patch
Vendor Advisory
http://www.cert.org/advisories/CA-2003-02.html
US Government Resource
http://www.ciac.org/ciac/bulletins/n-032.shtml
http://www.debian.org/security/2003/dsa-233
http://www.kb.cert.org/vuls/id/650937
Third Party Advisory
US Government Resource
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:009
http://www.securityfocus.com/bid/6650
https://exchange.xforce.ibmcloud.com/vulnerabilities/11108