Project

General

Profile

Bug #9930

subversion: malicious SVN clients can crash mod_dav_svn (CVE-2018-11803)

Added by Alicha CH 4 months ago. Updated 4 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Security
Target version:
-
Start date:
01/28/2019
Due date:
% Done:

100%

Estimated time:
(Total: 0.00 h)
Affected versions:
Security IDs:
CVE-2018-11803

Description

Subversion 1.10.0 introduced server-side support for recursive directory listing operations. The implementation in mod_dav_svn failed to validate the root path of the directory listing provided by the client. If the client omits the root path, mod_dav_svn will deference an uninitialized pointer variable and crash the HTTPD worker process handling the request.

Fixed In Version:

subversion 1.10.4, subversion 1.11.1

References:

https://subversion.apache.org/security/CVE-2018-11803-advisory.txt


Subtasks

Bug #9931: [3.9] subversion: malicious SVN clients can crash mod_dav_svn (CVE-2018-11803)ClosedNatanael Copa

Bug #9932: [3.8] subversion: malicious SVN clients can crash mod_dav_svn (CVE-2018-11803)ClosedNatanael Copa

History

#1 Updated by Alicha CH 4 months ago

  • Project changed from Alpine Security to Alpine Linux
  • Category set to Security
  • Status changed from New to Closed

Also available in: Atom PDF