CVE-2013-4131Improper Restriction of Operations within the Bounds of a Memory Buffer in Apache Subversion

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer9 documents8 sources
Severity
4.0MEDIUMNVD
EPSS
0.7%
top 28.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apache Subversion
Timeline
PublishedJul 31
Latest updateMay 17

Description

The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 8.0 | Impact: 2.9

Affected Packages2 packages

Debianapache/subversion< 1.7.13-1+3
NVDapache/subversion12 versions+11

🔴Vulnerability Details

3
GHSA
GHSA-632g-wm7q-4fjw: The mod_dav_svn Apache HTTPD server module in Subversion 12022-05-17
CVEList
CVE-2013-4131: The mod_dav_svn Apache HTTPD server module in Subversion 12013-07-31
OSV
CVE-2013-4131: The mod_dav_svn Apache HTTPD server module in Subversion 12013-07-31

📋Vendor Advisories

3
Red Hat
subversion: DoS (assertion failure, crash) in mod_dav_svn when handling certain MOVE, COPY, or DELETE HTTP requests2013-07-24
Debian
CVE-2013-4131: subversion - The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 an...2013
Apache
Apache subversion: CVE-2013-4131

💬Community

2
Bugzilla
CVE-2013-4131 subversion: DoS (assertion failure, crash) in mod_dav_svn when handling certain MOVE, COPY, or DELETE HTTP requests [fedora-all]2013-07-24
Bugzilla
CVE-2013-4131 subversion: DoS (assertion failure, crash) in mod_dav_svn when handling certain MOVE, COPY, or DELETE HTTP requests2013-07-19
CVE-2013-4131 — Apache Subversion vulnerability | cvebase