Buffer overflow in Apache Subversion

CVE-2013-1884

The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an…

Vulnerability class: Buffer Overflow

EPSS: 0.505 (98.8th percentile) — read the EPSS interpretation.

Affected products

Apache Subversion — versions 1.7.0, 1.7.1, 1.7.2
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
openSUSE-SU-2013:0687 (vendor-advisory, x_refsource_SUSE)
secalert@redhat.com (x_refsource_CONFIRM)
[subversion-announce] 20130404 Apache Subversion 1.7.9 released (mailing-list, x_refsource_MLIST)
oval:org.mitre.oval:def:18788 (x_refsource_OVAL, signature, vdb-entry)
USN-1893-1 (x_refsource_UBUNTU, vendor-advisory)
MDVSA-2013:153 (vendor-advisory, x_refsource_MANDRIVA)