CVE-2013-4246

CWE-284 — Improper Access Control7 documents7 sources

Severity

8.8HIGH

EPSS

0.4%

top 40.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Subversion

Timeline

PublishedOct 30

Latest updateMay 17

Description

libsvn_fs_fs/fs_fs.c in Apache Subversion 1.8.x before 1.8.2 might allow remote authenticated users with commit access to corrupt FSFS repositories and cause a denial of service or obtain sensitive information by editing packed revision properties.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

▶NVDapache/subversion1.8.0, 1.8.1+1

Patches

Patch: subversion.apache.org ↗Patch: subversion.apache.org ↗

🔴Vulnerability Details

GHSA

GHSA-6x72-77pg-58cr: libsvn_fs_fs/fs_fs↗2022-05-17

▶

CVEList

CVE-2013-4246: libsvn_fs_fs/fs_fs↗2017-10-30

▶

📋Vendor Advisories

Red Hat

subversion: FSFS repository corruption due to editing packed revision properties↗2013-08-30

▶

Debian

CVE-2013-4246: subversion - libsvn_fs_fs/fs_fs.c in Apache Subversion 1.8.x before 1.8.2 might allow remote ...↗2013

▶

Apache

Apache subversion: CVE-2013-4246↗

▶

💬Community

Bugzilla

CVE-2013-4246 subversion: FSFS repository corruption due to editing packed revision properties↗2013-08-22

▶