3 matches found
CLSA-2022-1654175590 Fixed CVE-2022-24070 in subversion-4.module_el8.5.0+2053+ac338b6d.tuxcare.els1
CVE-2022-24070: fix use-after-free of object-pools when used as httpd module...
CLSA-2022-1654175372 Fixed CVE-2022-24070 in subversion-4.module_el8.4.0+2052+ac338b6d.tuxcare.els1
CVE-2022-24070: fix use-after-free of object-pools when used as httpd module...
CVE-2022-24070
A use-after-free vulnerability was found in Subversion in the moddavsvn Apache HTTP server HTTPd module. While looking up path-based authorization authz rules, multiple calls to the postconfig hook can invalidate cached pointers to object-pools, which Subversion subsequently uses. This issue...