[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

250770

 
 

909

 
 

196157

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2003-0015Date: (C)2003-02-07   (M)2023-12-22


Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed Directory request, as demonstrated by bypassing write checks to execute Update-prog and Checkin-prog commands.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0028.html
http://marc.info/?l=bugtraq&m=104333092200589&w=2
http://marc.info/?l=bugtraq&m=104342550612736&w=2
http://marc.info/?l=bugtraq&m=104428571204468&w=2
BID-6650
CA-2003-02
DSA-233
FreeBSD-SA-03:01
MDKSA-2003:009
N-032
RHSA-2003:012
RHSA-2003:013
VU#650937
cvs-doublefree-memory-corruption(11108)
http://ccvs.cvshome.org/servlets/NewsItemView?newsID=51&JServSessionIdservlets=5of2iuhr14
http://security.e-matters.de/advisories/012003.html

CPE    5
cpe:/o:freebsd:freebsd:5.0
cpe:/o:freebsd:freebsd:4.4
cpe:/o:freebsd:freebsd:4.5
cpe:/o:freebsd:freebsd:4.6
...
CWE    1
CWE-415

© SecPod Technologies