CVE-2004-0413 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Subversion
5 documents, 5 sources
Severity
10.0 CRITICAL (NVD)
EPSS
10.8%
top 6.62%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Aug 6
Latest update: Apr 29
Description
libsvn_ra_svn in Subversion 1.0.4 trusts the length field of (1) svn://, (2) svn+ssh://, and (3) other svn protocol URL strings, which allows remote attackers to cause a denial of service (memory consumption) and possibly execute arbitrary code via an integer overflow that leads to a heap-based buffer overflow.
CVSS vector
AV:N/AC:L/C:C/I:C/A:C
Exploitability: 10.0 | Impact: 10.0
Affected Packages: 3 packages
Patches
Vulnerability Details (3)
Vendor Advisories (1)
Debian
CVE-2004-0413: subversion - libsvn_ra_svn in Subversion 1.0.4 trusts the length field of (1) svn://, (2) svn... (2004)