PT-2013-3429 · Apache+3 · Subversion+4

Ben Reser

·

Publicado

2013-02-05

·

Atualizado

2024-06-15

·

CVE-2013-1846

CVSS v2.0

4.0

Média

VetorAV:N/AC:L/Au:S/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions Subversion versions 1.6.x through 1.6.21 Subversion versions 1.7.0 through 1.7.8
Description The issue allows remote authenticated users to cause a denial of service, resulting in a crash due to a NULL pointer dereference. This can be achieved through a LOCK on an activity URL.
Recommendations For Subversion versions 1.6.x through 1.6.21, update to version 1.6.21 or later to resolve the issue. For Subversion versions 1.7.0 through 1.7.8, update to version 1.7.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the mod dav svn module until a patch is available.

Correção

DoS

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119

Identificadores relacionados

CESA-2013_0737
CVE-2013-1846
DLA-207-1
OPENSUSE-SU-2024:10538-1
RHSA-2013:0737
RHSA-2013_0737
SUSE-SU-2015:0709-1

Produtos afetados

Apache Subversion
Centos
Red Hat
Subversion
Suse