CVE-2013-1846 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Apache Subversion

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer10 documents9 sources

Severity

4.0MEDIUMNVD

EPSS

1.9%

top 16.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Subversion Opensuse

Timeline

PublishedMay 2

Latest updateMay 14

Description

The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 8.0 | Impact: 2.9

Affected Packages3 packages

▶Debianapache/subversion< 1.7.9-1+3

▶NVDapache/subversion1.6.20+28

▶NVDopensuse/opensuse12.1, 12.2, 12.3+2

🔴Vulnerability Details

GHSA

GHSA-mv22-f57f-6934: The mod_dav_svn Apache HTTPD server module in Subversion 1↗2022-05-14

▶

CVEList

CVE-2013-1846: The mod_dav_svn Apache HTTPD server module in Subversion 1↗2013-05-02

▶

OSV

CVE-2013-1846: The mod_dav_svn Apache HTTPD server module in Subversion 1↗2013-05-02

▶

📋Vendor Advisories

Ubuntu

Subversion vulnerabilities↗2013-06-27

▶

Red Hat

(mod_dav_svn): DoS (crash) via LOCK requests against an activity URL↗2013-04-04

▶

Debian

CVE-2013-1846: subversion - The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and...↗2013

▶

Apache

Apache subversion: CVE-2013-1846↗

▶

💬Community

Bugzilla

CVE-2013-1845 CVE-2013-1846 CVE-2013-1847 CVE-2013-1849 CVE-2013-1884 subversion various flaws [fedora-all]↗2013-04-05

▶

Bugzilla

CVE-2013-1846 Subversion (mod_dav_svn): DoS (crash) via LOCK requests against an activity URL↗2013-03-29

▶