CVE-2003-0015 : Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to cause a denial of service and possibly ex

Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed Directory request, as demonstrated by bypassing write checks to execute Update-prog and Checkin-prog commands.

Published 2003-02-07 05:00:00

Updated 2018-05-03 01:29:19

Source MITRE

View at NVD, CVE.org

Vulnerability category: Memory CorruptionExecute codeDenial of service

Exploit prediction scoring system (EPSS) score for CVE-2003-0015

Probability of exploitation activity in the next 30 days: 29.55%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 97 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2003-0015

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2003-0015

CWE-415 Double Free

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2003-0015

http://www.kb.cert.org/vuls/id/650937

Third Party Advisory;US Government Resource
http://marc.info/?l=bugtraq&m=104333092200589&w=2

CVEs referencing this url
http://www.debian.org/security/2003/dsa-233
https://exchange.xforce.ibmcloud.com/vulnerabilities/11108
http://marc.info/?l=bugtraq&m=104342550612736&w=2
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0028.html
http://www.cert.org/advisories/CA-2003-02.html

US Government Resource
http://marc.info/?l=bugtraq&m=104438807203491&w=2
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:009
http://marc.info/?l=bugtraq&m=104428571204468&w=2
http://www.ciac.org/ciac/bulletins/n-032.shtml
http://www.redhat.com/support/errata/RHSA-2003-012.html

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2003-013.html

Patch;Vendor Advisory
http://security.e-matters.de/advisories/012003.html

Patch;Vendor Advisory
http://www.securityfocus.com/bid/6650

Products affected by CVE-2003-0015

Freebsd » Freebsd » Version: 5.0
cpe:2.3:o:freebsd:freebsd:5.0:*:*:*:*:*:*:*
Matching versions
Freebsd » Freebsd » Version: 4.4
cpe:2.3:o:freebsd:freebsd:4.4:*:*:*:*:*:*:*
Matching versions
Freebsd » Freebsd » Version: 4.5
cpe:2.3:o:freebsd:freebsd:4.5:*:*:*:*:*:*:*
Matching versions
Freebsd » Freebsd » Version: 4.6
cpe:2.3:o:freebsd:freebsd:4.6:*:*:*:*:*:*:*
Matching versions
Freebsd » Freebsd » Version: 4.7
cpe:2.3:o:freebsd:freebsd:4.7:*:*:*:*:*:*:*
Matching versions
CVS » CVS » Version: 1.10.7
cpe:2.3:a:cvs:cvs:1.10.7:*:*:*:*:*:*:*
Matching versions
CVS » CVS » Version: 1.10.8
cpe:2.3:a:cvs:cvs:1.10.8:*:*:*:*:*:*:*
Matching versions
CVS » CVS » Version: 1.11.1
cpe:2.3:a:cvs:cvs:1.11.1:*:*:*:*:*:*:*
Matching versions
CVS » CVS » Version: 1.11.1p1
cpe:2.3:a:cvs:cvs:1.11.1p1:*:*:*:*:*:*:*
Matching versions
CVS » CVS » Version: 1.11
cpe:2.3:a:cvs:cvs:1.11:*:*:*:*:*:*:*
Matching versions
CVS » CVS » Version: 1.11.2
cpe:2.3:a:cvs:cvs:1.11.2:*:*:*:*:*:*:*
Matching versions
CVS » CVS » Version: 1.11.3
cpe:2.3:a:cvs:cvs:1.11.3:*:*:*:*:*:*:*
Matching versions
CVS » CVS » Version: 1.11.4
cpe:2.3:a:cvs:cvs:1.11.4:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2003-0015

Exploit prediction scoring system (EPSS) score for CVE-2003-0015

CVSS scores for CVE-2003-0015

CWE ids for CVE-2003-0015

References for CVE-2003-0015

Products affected by CVE-2003-0015