Vulnerability in Apache Software Foundation Subversion
CVE-2018-11803
Subversion's mod_dav_svn Apache HTTPD module versions 1.11.0 and 1.10.0 to 1.10.3 will crash after dereferencing an uninitialized pointer if the client omits the root path in a recursive directory listing operation.
EPSS: 0.578 (99.0th percentile)
Affected products
- Apache Software Foundation Subversion — versions 1.11.0, 1.10.0 to 1.10.3
References
- USN-3869-1 (x_refsource_UBUNTU, vendor-advisory)
- lists.apache.org/thread.html/fa71074862373c142d264534385f8ea5d8d6b80d27f36f3c46… (x_refsource_CONFIRM)
- 106770 (vdb-entry, x_refsource_BID)
- GLSA-201904-08 (vendor-advisory, x_refsource_GENTOO)