SUSE CVE-2026-29169

A NULL pointer dereference in moddavlock in Apache HTTP Server 2.4.66 and earlier may allow an attacker to crash the server with a malicious request.moddavlock is not used internally by moddav or moddavfs. The only known use-case for moddavlock was moddavsvn from Apache Subversion earlier than...

(mod_dav_svn): DoS (crash) via request to deliver baselined WebDAV resources

The moddavsvn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash via a request for a baselined WebDAV resource, as exploited in the wild in May 2011...