PT-2021-7366 · Apache+11 · Mod Dav Svn+12

Thomas Weissschuh

Published

2021-04-12

Updated

2025-08-14

CVE-2022-24070

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Subversion mod dav svn versions 1.10.0 through 1.14.1

Description The issue is related to memory corruption in Subversion's mod dav svn. It occurs when mod dav svn servers attempt to use memory that has already been freed while looking up path-based authorization rules. This can be exploited by a remote attacker to cause a denial of service.

Recommendations For Subversion mod dav svn versions 1.10.0 through 1.14.1, update to a version that addresses the memory corruption issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALSA-2022:2234

ALT-PU-2022-1700

ALT-PU-2023-7024

ALT-PU-2024-11076

ALT-PU-2024-17145

AZL-9368

BDU:2022-05791

BIT-SUBVERSION-2022-24070

CESA-2022_2234

CESA-2022_4941

CVE-2022-24070

DSA-5119-1

INFSA-2022_4591

MGASA-2022-0140

OESA-2022-1647

OPENSUSE-SU-2022_1162-1

OPENSUSE-SU-2024:12007-1

RHSA-2022:2222

RHSA-2022:2234

RHSA-2022:2236

RHSA-2022:2237

RHSA-2022:4591

RHSA-2022:4722

RHSA-2022:4941

RHSA-2022_2234

RHSA-2022_4591

RHSA-2022_4941

RLSA-2022:2234

RLSA-2022:4591

RLSA-2022:4941

SUSE-SU-2022:1161-1

SUSE-SU-2022:1162-1

SUSE-SU-2022:1483-1

USN-5372-1

USN-5450-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Linuxmint

Apple Macos

Red Hat

Red Os

Rocky Linux

Subversion

Suse

Ubuntu

Mod Dav Svn

PT-2021-7366 · Apache+11 · Mod Dav Svn+12

CVE-2022-24070

Weakness Enumeration

Related Identifiers

Affected Products

References · 77