Intrusion Prevention

CVS.Argumentx.Command.Double.Free.Heap.Corruption

Description

CVS (Concurrent Versions System) has a double free vulnerability. An attacker can exploit it with the command "Argumentx" without any arguments. This issue may allow remote attackers to execute arbitrary code.

Affected Products

CVS (Concurrent Versions System) 1.11.16 and earlier.
CVS (Concurrent Versions System) 1.12.8 and earlier.

Impact

System compromise: possible remote code execution.

Recommended Actions

Upgrade to the latest version, available from Web site:
http://ccvs.cvshome.org/

CVE References

CVE-2004-0416