CVE-2014-3580: NULL Pointer Dereference in Apache Subversion

Severity: 5.0 MEDIUM (NVD)
EPSS: 13.7% (top 5.73%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 18; Latest update May 17

Description

The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a REPORT request for a resource that does not exist.

CVSS vector

AV:N/AC:L/C:N/I:N/A:P
Exploitability: 10.0 | Impact: 2.9

Affected Packages (8 packages)

Debian: apache/subversion < 1.8.10-5 (+3)
Ubuntu: apache/subversion < 1.8.8-1ubuntu3.2
NVD: apache/subversion, 92 versions (+91)
NVD: apple/xcode 6.1.1

Also affects: Debian Linux 7.0, Enterprise Linux 6.6.z

Patches

🔴 Vulnerability Details (4)

GHSA: GHSA-x4g6-pj88-5h4h: The mod_dav_svn Apache HTTPD server module in Apache Subversion 1 (2022-05-17)
OSV: subversion vulnerabilities (2015-08-20)
OSV: CVE-2014-3580: The mod_dav_svn Apache HTTPD server module in Apache Subversion 1 (2014-12-18)
CVEList: CVE-2014-3580: The mod_dav_svn Apache HTTPD server module in Apache Subversion 1 (2014-12-18)

📋 Vendor Advisories (5)

Ubuntu: Subversion vulnerabilities (2015-08-20)
Red Hat: subversion: NULL pointer dereference flaw in mod_dav_svn when handling REPORT requests (2014-12-15)
Debian: CVE-2014-3580: subversion - The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.1... (2014)
Apache: Apache subversion: CVE-2014-3580
Apple: CVE-2014-3580: Xcode 6.2

💬 Community (2)

Bugzilla: CVE-2014-8108 CVE-2014-3580 subversion: various flaws [fedora-all] (2014-12-16)
Bugzilla: CVE-2014-3580 subversion: NULL pointer dereference flaw in mod_dav_svn when handling REPORT requests (2014-12-15)