Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2003-0015

CWE-41510 documents9 sources

Severity

7.5HIGH

EPSS

37.7%

top 2.80%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

CVS CVS Freebsd Freebsd

Timeline

PublishedFeb 7

Latest updateApr 29

Description

Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed Directory request, as demonstrated by bypassing write checks to execute Update-prog and Checkin-prog commands.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶Debiancvs< 1.11.2-5.1+3

▶NVDcvs/cvs8 versions+7

Also affects: Freebsd 4.4, 4.5, 4.6, 4.7, 5.0

Patches

Patch: rhn.redhat.com ↗Patch: security.e-matters.de ↗Patch: rhn.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-jj52-xc36-fq8r: Double-free vulnerability in CVS 1↗2022-04-29

▶

CVEList

CVE-2003-0015: Double-free vulnerability in CVS 1↗2004-09-01

▶

OSV

CVE-2003-0015: Double-free vulnerability in CVS 1↗2003-02-07

▶

💥Exploits & PoCs

Exploit-DB

CVS 1.11.x - Directory Request Double-Free Heap Corruption↗2003-01-20

▶

🔍Detection Rules

Suricata

GPL MISC CVS invalid directory response↗2010-09-23

▶

Suricata

GPL MISC CVS double free exploit attempt response↗2010-09-23

▶

📋Vendor Advisories

Red Hat

security flaw↗2003-01-20

▶

Debian

CVE-2003-0015: cvs - Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to c...↗2003

▶

💬Community

Bugzilla

CVE-2003-0015 security flaw↗2018-08-16

▶