Unrated severityNVD Advisory· Published Feb 7, 2003· Updated Apr 16, 2026
CVE-2003-0015
CVE-2003-0015
Description
Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed Directory request, as demonstrated by bypassing write checks to execute Update-prog and Checkin-prog commands.
Affected products
13cpe:2.3:a:cvs:cvs:1.10.7:*:*:*:*:*:*:*+ 7 more
- cpe:2.3:a:cvs:cvs:1.10.7:*:*:*:*:*:*:*
- cpe:2.3:a:cvs:cvs:1.10.8:*:*:*:*:*:*:*
- cpe:2.3:a:cvs:cvs:1.11:*:*:*:*:*:*:*
- cpe:2.3:a:cvs:cvs:1.11.1:*:*:*:*:*:*:*
- cpe:2.3:a:cvs:cvs:1.11.1p1:*:*:*:*:*:*:*
- cpe:2.3:a:cvs:cvs:1.11.2:*:*:*:*:*:*:*
- cpe:2.3:a:cvs:cvs:1.11.3:*:*:*:*:*:*:*
- cpe:2.3:a:cvs:cvs:1.11.4:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
16- rhn.redhat.com/errata/RHSA-2003-013.htmlnvdPatchVendor Advisory
- security.e-matters.de/advisories/012003.htmlnvdPatchVendor Advisory
- www.kb.cert.org/vuls/id/650937nvdThird Party AdvisoryUS Government Resource
- ccvs.cvshome.org/servlets/NewsItemViewnvdBroken Link
- www.cert.org/advisories/CA-2003-02.htmlnvdUS Government Resource
- archives.neohapsis.com/archives/vulnwatch/2003-q1/0028.htmlnvd
- marc.infonvd
- marc.infonvd
- marc.infonvd
- marc.infonvd
- www.ciac.org/ciac/bulletins/n-032.shtmlnvd
- www.debian.org/security/2003/dsa-233nvd
- www.mandrakesoft.com/security/advisoriesnvd
- www.redhat.com/support/errata/RHSA-2003-012.htmlnvd
- www.securityfocus.com/bid/6650nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/11108nvd
News mentions
0No linked articles in our index yet.