PT-2020-6583 · Apache+10 · Subversion+10

Thomas Åkesson · Published 2020-08-12 · Updated 2024-06-15 · CVE-2020-17525

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Subversion mod_dav_svn+mod_authz_svn versions prior to 1.10.7
Subversion mod_dav_svn+mod_authz_svn versions prior to 1.14.1

Description

The mod_authz_svn module in Subversion will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL. This can lead to disruption for users of the service.

Recommendations

For Subversion mod_dav_svn+mod_authz_svn versions prior to 1.10.7, update to version 1.10.7 or later.
For Subversion mod_dav_svn+mod_authz_svn versions prior to 1.14.1, update to version 1.14.1 or later.

Weakness Enumeration

NULL Pointer Dereference

Related Identifiers

ALSA-2021:0507
ALSA-2021_0507
ALT-PU-2021-1334
ALT-PU-2021-1348
ALT-PU-2021-1355
AZL-6899
BDU:2022-00306
BIT-SUBVERSION-2020-17525
CESA-2021_0507
CVE-2020-17525
DLA-2646-1
DSA-4851-1
ELSA-2021-0507
MGASA-2021-0091
OPENSUSE-SU-2021:0280-1
OPENSUSE-SU-2021_0280-1
OPENSUSE-SU-2024:11412-1
RHSA-2021:0507
RHSA-2021:0508
RHSA-2021:0509
RHSA-2021_0507
RLSA-2021:0507
RLSA-2021_0507
ROSA-SA-2023-2216
SUSE-SU-2021:0424-1
SUSE-SU-2021:0425-1
SUSE-SU-2021_0424-1
SUSE-SU-2021_0425-1
USN-5322-1
USN-5445-1

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Linux Mint
Red Hat
RED OS
Rocky Linux
Subversion
SUSE
Ubuntu