CVE-2003-0015
Published 2003-02-07
CVE-2003-0015: Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed…
Priority P344 · high · 7.5 · CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 23.87% (97.5th percentile)
Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed Directory request, as demonstrated by bypassing write checks to execute Update-prog and Checkin-prog commands.
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cvs | cvs | — | — |
| cvs | cvs | — | — |
| cvs | cvs | — | — |
| cvs | cvs | — | — |
| cvs | cvs | — | — |
| cvs | cvs | — | — |
| cvs | cvs | — | — |
| cvs | cvs | — | — |
| cvs | cvs | >= 0 < 1.11.2-5.1 | 1.11.2-5.1 |
| cvs | cvs | >= 0 < 1.11.2-5.1 | 1.11.2-5.1 |
| cvs | cvs | >= 0 < 1.11.2-5.1 | 1.11.2-5.1 |
| cvs | cvs | >= 0 < 1.11.2-5.1 | 1.11.2-5.1 |
| debian | cvs | < cvs 1.11.2-5.1 (bookworm) | cvs 1.11.2-5.1 (bookworm) |
| freebsd | freebsd | — | — |
| freebsd | freebsd | — | — |
| freebsd | freebsd | — | — |
| freebsd | freebsd | — | — |
| freebsd | freebsd | — | — |
CVSS provenance
nvd · v2.0 · 7.5 · HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
osv · 7.5 · HIGH
vendor_debian · 7.5 · HIGH
vendor_redhat · 7.5 · HIGH
Red Hat
security flaw
vendor_redhat·2003-01-20·CVSS 7.5
CVE-2003-0015 [HIGH] security flaw
Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed Directory request, as demonstrated by bypassing write checks to execute Update-prog and Checkin-prog commands.
Debian
CVE-2003-0015: cvs - Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to c...
vendor_debian·2003·CVSS 7.5
CVE-2003-0015 [HIGH] CVE-2003-0015: cvs - Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to c...
Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed Directory request, as demonstrated by bypassing write checks to execute Update-prog and Checkin-prog commands.
Scope: local
bookworm: resolved (fixed in 1.11.2-5.1)
bullseye: resolved (fixed in 1.11.2-5.1)
forky: resolved (fixed in 1.11.2-5.1)
sid: resolved (fixed in 1.11.2-5.1)
trixie: resolved (fixed in 1.11.2-5.1)
GHSA
GHSA-jj52-xc36-fq8r: Double-free vulnerability in CVS 1
ghsa_unreviewed·2022-04-29
CVE-2003-0015 [HIGH] CWE-415 GHSA-jj52-xc36-fq8r: Double-free vulnerability in CVS 1
Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed Directory request, as demonstrated by bypassing write checks to execute Update-prog and Checkin-prog commands.
OSV
CVE-2003-0015: Double-free vulnerability in CVS 1
osv·2003-02-07·CVSS 7.5
CVE-2003-0015 [HIGH] CVE-2003-0015: Double-free vulnerability in CVS 1
Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed Directory request, as demonstrated by bypassing write checks to execute Update-prog and Checkin-prog commands.
Suricata
GPL MISC CVS invalid directory response
suricata·2010-09-23
CVE-2003-0015 GPL MISC CVS invalid directory response
Rule:
```
alert tcp $HOME_NET 2401 -> $EXTERNAL_NET any (msg:"GPL MISC CVS invalid directory response"; flow:established,to_client; content:"E protocol error|3A| invalid directory syntax in"; reference:bugtraq,6650; reference:cve,2003-0015; classtype:misc-attack; sid:2102011; rev:6; metadata:created_at 2010_09_23, cve CVE_2003_0015, signature_severity Informational, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_08;)
```
Suricata
GPL MISC CVS double free exploit attempt response
suricata·2010-09-23
CVE-2003-0015 GPL MISC CVS double free exploit attempt response
Rule:
```
alert tcp $HOME_NET 2401 -> $EXTERNAL_NET any (msg:"GPL MISC CVS double free exploit attempt response"; flow:established,to_client; content:"free|28 29 3A| warning|3A| chunk is already free"; reference:bugtraq,6650; reference:cve,2003-0015; classtype:misc-attack; sid:2102010; rev:6; metadata:created_at 2010_09_23, cve CVE_2003_0015, signature_severity Informational, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_08;)
```
References
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0028.html
http://ccvs.cvshome.org/servlets/NewsItemView?newsID=51&JServSessionIdservlets=5of2iuhr14
http://marc.info/?l=bugtraq&m=104333092200589&w=2
http://marc.info/?l=bugtraq&m=104342550612736&w=2
http://marc.info/?l=bugtraq&m=104428571204468&w=2
http://marc.info/?l=bugtraq&m=104438807203491&w=2
http://rhn.redhat.com/errata/RHSA-2003-013.html
http://security.e-matters.de/advisories/012003.html
http://www.cert.org/advisories/CA-2003-02.html
http://www.ciac.org/ciac/bulletins/n-032.shtml
http://www.debian.org/security/2003/dsa-233
http://www.kb.cert.org/vuls/id/650937
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:009
http://www.redhat.com/support/errata/RHSA-2003-012.html
http://www.securityfocus.com/bid/6650
https://exchange.xforce.ibmcloud.com/vulnerabilities/11108
Published: 2003-02-07