PT-2019-2954 · Apache+8 · Apache Subversion+8

Published 2019-07-31 · Updated 2024-06-15 · CVE-2019-0203

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Apache Subversion versions up to and including 1.9.10
Apache Subversion versions up to and including 1.10.4
Apache Subversion versions up to and including 1.12.0

Description

The issue is related to the svnserve server process in Apache Subversion, which may exit when a client sends certain sequences of protocol commands, leading to disruption for users of the server. The vulnerability is also associated with a null pointer dereference. Exploitation of the vulnerability can allow a remote attacker to cause a denial of service.

Recommendations

For Apache Subversion versions up to and including 1.9.10, update to a version that fixes the issue.
For Apache Subversion versions up to and including 1.10.4, update to a version that fixes the issue.
For Apache Subversion versions up to and including 1.12.0, update to a version that fixes the issue.

As a temporary workaround, consider restricting access to the svnserve server process to minimize the risk of exploitation.

Fix

NULL Pointer Dereference

Improper Handling of Exceptional Conditions

Weakness Enumeration

Related Identifiers

ALSA-2019:2512
ALT-PU-2020-1641
ALT-PU-2020-2914
BDU:2019-02929
CESA-2019_2512
CVE-2019-0203
DLA-1903-1
DSA-4490-1
MGASA-2019-0243
OPENSUSE-SU-2019:1910-1
OPENSUSE-SU-2019_1910-1
OPENSUSE-SU-2024:11412-1
RHSA-2019:2512
RHSA-2019_2512
RLSA-2019:2512
SUSE-SU-2019:2031-1
SUSE-SU-2019:2032-1
USN-4082-1
USN-4082-2
USN-5445-1

Affected Products

Alt Linux
Almalinux
Apache Subversion
Centos
Linuxmint
Red Hat
Rocky Linux
Suse
Ubuntu