Lucene search

K
suseSuseSUSE-SA:2009:044
HistoryAug 14, 2009 - 11:06 a.m.

remote code execution in subversion

2009-08-1411:06:32
lists.opensuse.org
56

EPSS

0.037

Percentile

92.0%

Subversion is a revision control system, which is mainly used for code development. The ibsvn_delta library is vulnerable to integer overflows while processing svndiff streams, this leads to overflows on the heap because of insufficient memory allocation. This bug can be exploited by clients with commit access to cause a remote denial-of-service or arbitrary code execution. It can also be exploited in the other direction from a server to a client that tries to do a checkout or update.

Solution

Please update.