CVE-2003-0015
cvs - doubly freed memory
EPSS 37.0%
Description
Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed Directory request, as demonstrated by bypassing write checks to execute Update-prog and Checkin-prog commands.
How to fix CVE-2003-0015
To remediate CVE-2003-0015, upgrade the affected package to one of the fixed versions listed below.
- Debian/cvs: upgrade to 1.11.2-5.1 or later
- Debian/cvs: upgrade to 1.11.1p1debian-8.1 or later
Is CVE-2003-0015 being exploited?
Moderate: EPSS is 37.0%. Track this CVE, but it is not at the top of the prioritisation list.
Affected packages (2)
- Debian/cvs: from 0, < 1.11.2-5.1
- Debian/cvs: from 0, < 1.11.1p1debian-8.1