Veracode Vulnerability Database: VERACODE:23914
History: Apr 10, 2020 - 12:39 a.m.

Remote Code Execution (RCE)

2020-04-10 00:39:59
Veracode Vulnerability Database
sca.analysiscenter.veracode.com

CVSS2: 8.5 High

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C

Subversion (SVN) is vulnerable to Remote Code Execution (RCE). Multiple heap overflow flaws exist in Subversion (server and client) when parsing binary deltas. A malicious user with commit access to a server could use these flaws to cause a heap overflow on that server. A malicious server could use these flaws to cause a heap overflow on a client when it attempts to checkout or update. These heap overflows can result in a crash or, possibly, arbitrary code execution.
