CVE-2009-2411 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Subversion

CWE-1899 documents9 sources

Severity

8.5HIGHNVD

EPSS

6.2%

top 9.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Subversion Subversion

Timeline

PublishedAug 7

Latest updateMay 2

Description

Multiple integer overflows in the libsvn_delta library in Subversion before 1.5.7, and 1.6.x before 1.6.4, allow remote authenticated users and remote Subversion servers to execute arbitrary code via an svndiff stream with large windows that trigger a heap-based buffer overflow, a related issue to CVE-2009-2412.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 6.8 | Impact: 10.0

Affected Packages2 packages

▶Debianapache/subversion< 1.6.4dfsg-1+3

▶NVDsubversion/subversion1.5.6+63

🔴Vulnerability Details

GHSA

GHSA-vmfg-4frj-fmfg: Multiple integer overflows in the libsvn_delta library in Subversion before 1↗2022-05-02

▶

CVEList

CVE-2009-2411: Multiple integer overflows in the libsvn_delta library in Subversion before 1↗2009-08-07

▶

OSV

CVE-2009-2411: Multiple integer overflows in the libsvn_delta library in Subversion before 1↗2009-08-07

▶

📋Vendor Advisories

Ubuntu

Subversion vulnerability↗2009-08-08

▶

Red Hat

subversion: multiple heap overflow issues↗2009-08-03

▶

Debian

CVE-2009-2411: subversion - Multiple integer overflows in the libsvn_delta library in Subversion before 1.5....↗2009

▶

Apache

Apache subversion: CVE-2009-2411↗

▶

💬Community

Bugzilla

CVE-2009-2411 subversion: multiple heap overflow issues↗2009-07-30

▶