CVE-2010-4539 — Apache Subversion vulnerability

CWE-39910 documents9 sources

Severity

6.8MEDIUMNVD

EPSS

1.0%

top 22.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Subversion

Timeline

PublishedJan 7

Latest updateMay 17

Description

The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 8.0 | Impact: 6.9

Affected Packages2 packages

▶Debianapache/subversion< 1.6.12dfsg-4+3

▶NVDapache/subversion1.6.14+110

Patches

Patch: openwall.com ↗Patch: openwall.com ↗Patch: openwall.com ↗

🔴Vulnerability Details

GHSA

GHSA-m28q-h289-m2g5: The walk function in repos↗2022-05-17

▶

OSV

CVE-2010-4539: The walk function in repos↗2011-01-07

▶

CVEList

CVE-2010-4539: The walk function in repos↗2011-01-07

▶

📋Vendor Advisories

Ubuntu

Subversion vulnerabilities↗2011-02-01

▶

Red Hat

(mod_dav_svn): DoS (crash) by processing certain requests to display all available repositories to a web browser↗2010-11-26

▶

Debian

CVE-2010-4539: subversion - The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Serve...↗2010

▶

Apache

Apache subversion: CVE-2010-4539↗

▶

💬Community

Bugzilla

CVE-2010-4539 CVE-2010-4644 subversion various flaws [fedora-13]↗2011-01-06

▶

Bugzilla

CVE-2010-4539 Subversion (mod_dav_svn): DoS (crash) by processing certain requests to display all available repositories to a web browser↗2011-01-05

▶