CVE-2003-0015
CVS 1.11.x - Directory Request Double-Free Heap Corruption
Severity Score
9.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed Directory request, as demonstrated by bypassing write checks to execute Update-prog and Checkin-prog commands.
Vulnerabilidad de doble liberación de memoria en CVS 1.11.4 y anteriores permite a atacantes remotos causar una denegación de servicio y posiblemente ejecutar código arbitrario mediante una petición de de directorio mal formada, como ha sido demostrado evitando las comprobaciones de escritura para ejecutar los comandos Update-prog y Checkin-prog.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2003-01-07 CVE Reserved
- 2003-01-20 First Exploit
- 2003-02-07 CVE Published
- 2024-08-08 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-415: Double Free
CAPEC
References (19)
| URL | Tag | Source |
|---|---|---|
| http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0028.html | Mailing List | |
| http://ccvs.cvshome.org/servlets/NewsItemView?newsID=51&JServSessionIdservlets=5of2iuhr14 | Broken Link | |
| http://marc.info/?l=bugtraq&m=104333092200589&w=2 | Mailing List | |
| http://marc.info/?l=bugtraq&m=104342550612736&w=2 | Mailing List | |
| http://marc.info/?l=bugtraq&m=104428571204468&w=2 | Mailing List | |
| http://www.cert.org/advisories/CA-2003-02.html | Third Party Advisory | |
| http://www.ciac.org/ciac/bulletins/n-032.shtml | Government Resource | |
| http://www.kb.cert.org/vuls/id/650937 | Third Party Advisory |
|
| http://www.securityfocus.com/bid/6650 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/11108 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/22187 | 2003-01-20 |
| URL | Date | SRC |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2003-013.html | 2018-05-03 | |
| http://security.e-matters.de/advisories/012003.html | 2018-05-03 |
| URL | Date | SRC |
|---|---|---|
| http://marc.info/?l=bugtraq&m=104438807203491&w=2 | 2018-05-03 | |
| http://www.debian.org/security/2003/dsa-233 | 2018-05-03 | |
| http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:009 | 2018-05-03 | |
| http://www.redhat.com/support/errata/RHSA-2003-012.html | 2018-05-03 | |
| https://access.redhat.com/security/cve/CVE-2003-0015 | 2003-01-20 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1616934 | 2003-01-20 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 4.4 Search vendor "Freebsd" for product "Freebsd" and version "4.4" | - |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 4.5 Search vendor "Freebsd" for product "Freebsd" and version "4.5" | - |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 4.6 Search vendor "Freebsd" for product "Freebsd" and version "4.6" | - |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 4.7 Search vendor "Freebsd" for product "Freebsd" and version "4.7" | - |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 5.0 Search vendor "Freebsd" for product "Freebsd" and version "5.0" | - |
Affected
| ||||||
| Cvs Search vendor "Cvs" | Cvs Search vendor "Cvs" for product "Cvs" | 1.10.7 Search vendor "Cvs" for product "Cvs" and version "1.10.7" | - |
Affected
| ||||||
| Cvs Search vendor "Cvs" | Cvs Search vendor "Cvs" for product "Cvs" | 1.10.8 Search vendor "Cvs" for product "Cvs" and version "1.10.8" | - |
Affected
| ||||||
| Cvs Search vendor "Cvs" | Cvs Search vendor "Cvs" for product "Cvs" | 1.11 Search vendor "Cvs" for product "Cvs" and version "1.11" | - |
Affected
| ||||||
| Cvs Search vendor "Cvs" | Cvs Search vendor "Cvs" for product "Cvs" | 1.11.1 Search vendor "Cvs" for product "Cvs" and version "1.11.1" | - |
Affected
| ||||||
| Cvs Search vendor "Cvs" | Cvs Search vendor "Cvs" for product "Cvs" | 1.11.1p1 Search vendor "Cvs" for product "Cvs" and version "1.11.1p1" | - |
Affected
| ||||||
| Cvs Search vendor "Cvs" | Cvs Search vendor "Cvs" for product "Cvs" | 1.11.2 Search vendor "Cvs" for product "Cvs" and version "1.11.2" | - |
Affected
| ||||||
| Cvs Search vendor "Cvs" | Cvs Search vendor "Cvs" for product "Cvs" | 1.11.3 Search vendor "Cvs" for product "Cvs" and version "1.11.3" | - |
Affected
| ||||||
| Cvs Search vendor "Cvs" | Cvs Search vendor "Cvs" for product "Cvs" | 1.11.4 Search vendor "Cvs" for product "Cvs" and version "1.11.4" | - |
Affected
| ||||||