8.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:S/C:C/I:C/A:C
0.036 Low
EPSS
Percentile
91.6%
Subversion is a versioning system designed to be a replacement for CVS.
Matt Lewis of Google reported multiple integer overflows in the libsvn_delta library, possibly leading to heap-based buffer overflows.
A remote attacker with commit access could exploit this vulnerability by sending a specially crafted commit to a Subversion server, or a remote attacker could entice a user to check out or update a repository from a malicious Subversion server, possibly resulting in the execution of arbitrary code with the privileges of the user running the server or client.
There is no known workaround at this time.
All Subversion users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-util/subversion-1.6.4"
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Gentoo | any | all | dev-util/subversion | <Β 1.6.4 | UNKNOWN |