CVE-2009-2411
7.4 High
AI Score
Confidence
Low
8.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:S/C:C/I:C/A:C
0.036 Low
EPSS
Percentile
91.6%
Multiple integer overflows in the libsvn_delta library in Subversion before 1.5.7, and 1.6.x before 1.6.4, allow remote authenticated users and remote Subversion servers to execute arbitrary code via an svndiff stream with large windows that trigger a heap-based buffer overflow, a related issue to CVE-2009-2412.
References
archives.neohapsis.com/archives/bugtraq/2009-08/0056.html
lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
osvdb.org/56856
secunia.com/advisories/36184
secunia.com/advisories/36224
secunia.com/advisories/36232
secunia.com/advisories/36257
secunia.com/advisories/36262
subversion.tigris.org/security/CVE-2009-2411-advisory.txt
support.apple.com/kb/HT3937
svn.collab.net/repos/svn/tags/1.5.7/CHANGES
svn.collab.net/repos/svn/tags/1.6.4/CHANGES
svn.haxx.se/dev/archive-2009-08/0107.shtml
svn.haxx.se/dev/archive-2009-08/0108.shtml
svn.haxx.se/dev/archive-2009-08/0110.shtml
www.debian.org/security/2009/dsa-1855
www.mandriva.com/security/advisories?name=MDVSA-2009:199
www.redhat.com/support/errata/RHSA-2009-1203.html
www.securityfocus.com/bid/35983
www.securitytracker.com/id?1022697
www.ubuntu.com/usn/usn-812-1
www.vupen.com/english/advisories/2009/2180
www.vupen.com/english/advisories/2009/3184
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11465
www.redhat.com/archives/fedora-package-announce/2009-August/msg00469.html
www.redhat.com/archives/fedora-package-announce/2009-August/msg00485.html
Related
7.4 High
AI Score
Confidence
Low
8.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:S/C:C/I:C/A:C
0.036 Low
EPSS
Percentile
91.6%