CVE-2003-0015

Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed Directory request, as demonstrated by bypassing write checks to execute Update-prog and Checkin-prog commands.

Weakness

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

Affected Software

Name	Vendor	Start Version	End Version
Freebsd	Freebsd	4.4	4.4
Freebsd	Freebsd	4.5	4.5
Freebsd	Freebsd	4.6	4.6
Freebsd	Freebsd	4.7	4.7
Freebsd	Freebsd	5.0	5.0
Cvs	Ubuntu	dapper	*
Cvs	Ubuntu	devel	*
Cvs	Ubuntu	edgy	*
Cvs	Ubuntu	feisty	*

Potential Mitigations

References

http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0028.html
http://ccvs.cvshome.org/servlets/NewsItemView?newsID=51\u0026JServSessionIdservlets=5of2iuhr14
http://marc.info/?l=bugtraq\u0026m=104333092200589\u0026w=2
http://marc.info/?l=bugtraq\u0026m=104342550612736\u0026w=2
http://marc.info/?l=bugtraq\u0026m=104428571204468\u0026w=2
http://marc.info/?l=bugtraq\u0026m=104438807203491\u0026w=2
http://rhn.redhat.com/errata/RHSA-2003-013.html
http://security.e-matters.de/advisories/012003.html
http://www.cert.org/advisories/CA-2003-02.html
http://www.ciac.org/ciac/bulletins/n-032.shtml
http://www.debian.org/security/2003/dsa-233
http://www.kb.cert.org/vuls/id/650937
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:009
http://www.redhat.com/support/errata/RHSA-2003-012.html
http://www.securityfocus.com/bid/6650
https://exchange.xforce.ibmcloud.com/vulnerabilities/11108

NVD	https://nvd.nist.gov/vuln/detail/CVE-2003-0015
CWE	https://cwe.mitre.org/data/definitions/415.html

Double Free

Weakness

Affected Software

Potential Mitigations

References