Lucene search

[email protected]NVD:CVE-2009-2411

HistoryAug 07, 2009 - 7:30 p.m.

CVE-2009-2411

2009-08-0719:30:00

CWE-189

[email protected]

web.nvd.nist.gov

8.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

7.8 High

AI Score

Confidence

High

0.11 Low

EPSS

Percentile

95.2%

JSON

Multiple integer overflows in the libsvn_delta library in Subversion before 1.5.7, and 1.6.x before 1.6.4, allow remote authenticated users and remote Subversion servers to execute arbitrary code via an svndiff stream with large windows that trigger a heap-based buffer overflow, a related issue to CVE-2009-2412.

Affected configurations

NVD

Node

subversionsubversionRange≤1.5.6

subversionsubversionMatch0.22.1

subversionsubversionMatch0.23.0

subversionsubversionMatch0.24.0

subversionsubversionMatch0.24.1

subversionsubversionMatch0.24.2

subversionsubversionMatch0.25.0

subversionsubversionMatch0.27.0

subversionsubversionMatch0.28.0

subversionsubversionMatch0.28.1

subversionsubversionMatch0.28.2

subversionsubversionMatch0.29.0

subversionsubversionMatch0.30.0

subversionsubversionMatch0.31.0

subversionsubversionMatch0.32.0

subversionsubversionMatch0.32.1

subversionsubversionMatch0.33.0

subversionsubversionMatch0.33.1

subversionsubversionMatch0.34.0

subversionsubversionMatch0.35.0

subversionsubversionMatch0.35.1

subversionsubversionMatch0.36.0

subversionsubversionMatch0.37.0

subversionsubversionMatch1.0

subversionsubversionMatch1.0.0

subversionsubversionMatch1.0.1

subversionsubversionMatch1.0.2

subversionsubversionMatch1.0.3

subversionsubversionMatch1.0.4

subversionsubversionMatch1.0.5

subversionsubversionMatch1.0.6

subversionsubversionMatch1.0.7

subversionsubversionMatch1.0.8

subversionsubversionMatch1.0.9

subversionsubversionMatch1.1.0

subversionsubversionMatch1.1.0_rc1

subversionsubversionMatch1.1.0_rc2

subversionsubversionMatch1.1.0_rc3

subversionsubversionMatch1.1.1

subversionsubversionMatch1.1.2

subversionsubversionMatch1.1.3

subversionsubversionMatch1.1.4

subversionsubversionMatch1.2.0

subversionsubversionMatch1.2.1

subversionsubversionMatch1.2.2

subversionsubversionMatch1.2.3

subversionsubversionMatch1.3.0

subversionsubversionMatch1.3.1

subversionsubversionMatch1.3.2

subversionsubversionMatch1.4.0

subversionsubversionMatch1.4.1

subversionsubversionMatch1.4.2

subversionsubversionMatch1.4.3

subversionsubversionMatch1.4.4

subversionsubversionMatch1.4.5

subversionsubversionMatch1.5.0

subversionsubversionMatch1.5.1

subversionsubversionMatch1.5.3

subversionsubversionMatch1.5.4

subversionsubversionMatch1.5.5

subversionsubversionMatch1.6.0

subversionsubversionMatch1.6.1

subversionsubversionMatch1.6.2

subversionsubversionMatch1.6.3

References

archives.neohapsis.com/archives/bugtraq/2009-08/0056.html

lists.apple.com/archives/security-announce/2009/Nov/msg00000.html

osvdb.org/56856

secunia.com/advisories/36184

secunia.com/advisories/36224

secunia.com/advisories/36232

secunia.com/advisories/36257

secunia.com/advisories/36262

subversion.tigris.org/security/CVE-2009-2411-advisory.txt

support.apple.com/kb/HT3937

svn.collab.net/repos/svn/tags/1.5.7/CHANGES

svn.collab.net/repos/svn/tags/1.6.4/CHANGES

svn.haxx.se/dev/archive-2009-08/0107.shtml

svn.haxx.se/dev/archive-2009-08/0108.shtml

svn.haxx.se/dev/archive-2009-08/0110.shtml

www.debian.org/security/2009/dsa-1855

www.mandriva.com/security/advisories?name=MDVSA-2009:199

www.redhat.com/support/errata/RHSA-2009-1203.html

www.securityfocus.com/bid/35983

www.securitytracker.com/id?1022697

www.ubuntu.com/usn/usn-812-1

www.vupen.com/english/advisories/2009/2180

www.vupen.com/english/advisories/2009/3184

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11465

www.redhat.com/archives/fedora-package-announce/2009-August/msg00469.html

www.redhat.com/archives/fedora-package-announce/2009-August/msg00485.html

8.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

7.8 High

AI Score

Confidence

High

0.11 Low

EPSS

Percentile

95.2%

JSON

Related for NVD:CVE-2009-2411

securityvulns2 prion2 openvas79 debiancve2 ubuntucve2 cve2 nessus49 cvelist2 freebsd1 oraclelinux3 seebug2 redhat3 gentoo2 altlinux5 centos3 slackware3 httpd2 nvd1 ubuntu4 debian2 fedora6 veracode1 f52 osv1 suse2 kaspersky1