Veracode Vulnerability Database: VERACODE:23914
History: Apr 10, 2020 - 12:39 a.m.

Remote Code Execution (RCE)

2020-04-10 00:39:59
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
subversion
remote code execution
vulnerable
heap overflow
binary deltas

EPSS: 0.037 (percentile: 92.0%)

Subversion (SVN) is vulnerable to Remote Code Execution (RCE). Multiple heap overflow flaws exist in Subversion (server and client) when parsing binary deltas. A malicious user with commit access to a server could use these flaws to cause a heap overflow on that server. A malicious server could use these flaws to cause a heap overflow on a client when it attempts to check out or update. These heap overflows can result in a crash or, possibly, arbitrary code execution.

Affected configurations

Node: subversion subversion, match 1.4.2_2.el5

| Vendor | Product | Version | CPE |
| --- | --- | --- | --- |
| subversion | subversion | 1.4.2_2.el5 | cpe:2.3:a:subversion:subversion:1.4.2_2.el5:*:*:*:*:*:*:* |

References