Apple Computer Inc. Information for VU#650937
Concurrent Versions System (CVS) server improperly deallocates memory
- Date Notified: 20 Jan 2003
- Statement Date:
- Date Updated: 20 Aug 2003
Apple: Not Vulnerable. The underlying code in Mac OS X is not susceptible to the vulnerability described in this notice.
The vendor has not provided us with any further information regarding this vulnerability.
Based on source code analysis, cvs-29 from the Darwin Projects Directory appears to be vulnerable. However, the Apple OS X malloc(3) implementation (phkmalloc) may safely handle the double-free condition. If malloc(3) is configured such that all warnings are fatal ("A" option), the impact of this vulnerability on Darwin cvs-29 may be limited to a denial of service.
Darwin cvs-29 may not be the same cvs code that is shipped with the Apple OS X Developer Tools package.
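The allocator behaviour described in the note above, as an added C sketch that is not part of this advisory and is not phkmalloc or CVS code: a wrapper (hypothetical names `tracked_malloc`, `tracked_free`, `warnings_fatal`) that validates each free against the set of live allocations, so a second free is either ignored with a warning or, when warnings are fatal, becomes the point where the process would stop.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified model only: hypothetical names, not phkmalloc or CVS code. */
#define MAX_LIVE 64

enum free_result { FREE_OK, FREE_IGNORED, FREE_FATAL };

static void *live[MAX_LIVE];   /* pointers handed out and not yet freed */
int warnings_fatal = 0;        /* models a "warnings are fatal" setting */

void *tracked_malloc(size_t n) {
    void *p = malloc(n);
    if (p == NULL) return NULL;
    for (int i = 0; i < MAX_LIVE; i++) {
        if (live[i] == NULL) { live[i] = p; return p; }
    }
    free(p);                   /* table full: never issue an untracked pointer */
    return NULL;
}

enum free_result tracked_free(void *p) {
    if (p == NULL) return FREE_OK;
    for (int i = 0; i < MAX_LIVE; i++) {
        if (live[i] == p) { live[i] = NULL; free(p); return FREE_OK; }
    }
    /* Not a live allocation: a double free or a pointer we never issued.
       The heap is left untouched, so no corruption results. */
    fprintf(stderr, "warning: free of pointer that is not allocated\n");
    /* With fatal warnings a real allocator would abort() here, so a
       remotely triggered double free ends the process: denial of service. */
    return warnings_fatal ? FREE_FATAL : FREE_IGNORED;
}

int main(void) {
    void *p = tracked_malloc(16);   /* constructed sample allocation */
    if (p == NULL) return 1;
    tracked_free(p);
    printf("second free, warnings only:  %d\n", tracked_free(p));
    warnings_fatal = 1;
    printf("second free, warnings fatal: %d\n", tracked_free(p));
    return 0;
}
```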