CVE-2013-1845 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Apache Subversion

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer10 documents9 sources

Severity

2.1LOWNVD

EPSS

1.8%

top 17.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Subversion Opensuse

Timeline

PublishedMay 2

Latest updateMay 14

Description

The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.

CVSS vector

AV:N/AC:H/C:N/I:N/A:PExploitability: 3.9 | Impact: 2.9

Affected Packages3 packages

▶Debianapache/subversion< 1.7.9-1+3

▶NVDapache/subversion30 versions+29

▶NVDopensuse/opensuse12.1, 12.2, 12.3+2

🔴Vulnerability Details

GHSA

GHSA-mgxf-hfqq-6365: The mod_dav_svn Apache HTTPD server module in Subversion 1↗2022-05-14

▶

OSV

CVE-2013-1845: The mod_dav_svn Apache HTTPD server module in Subversion 1↗2013-05-02

▶

CVEList

CVE-2013-1845: The mod_dav_svn Apache HTTPD server module in Subversion 1↗2013-05-02

▶

📋Vendor Advisories

Ubuntu

Subversion vulnerabilities↗2013-06-27

▶

Red Hat

(mod_dav_svn): DoS (excessive memory use) when large number of properties are set or deleted↗2013-04-04

▶

Debian

CVE-2013-1845: subversion - The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and...↗2013

▶

Apache

Apache subversion: CVE-2013-1845↗

▶

💬Community

Bugzilla

CVE-2013-1845 CVE-2013-1846 CVE-2013-1847 CVE-2013-1849 CVE-2013-1884 subversion various flaws [fedora-all]↗2013-04-05

▶

Bugzilla

CVE-2013-1845 Subversion (mod_dav_svn): DoS (excessive memory use) when large number of properties are set or deleted↗2013-03-29

▶