CVE-2014-8108: NULL Pointer Dereference in Apache Subversion

Severity: 5.0 MEDIUM (NVD)
EPSS: 5.0% (top 10.28%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 18; latest update May 17

Description

The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request for a URI that triggers a lookup for a virtual transaction name that does not exist.

CVSS vector

AV:N/AC:L/C:N/I:N/A:P
Exploitability: 10.0 | Impact: 2.9

Affected Packages: 7 packages

Patches

🔴 Vulnerability Details (4)

GHSA: GHSA-vw28-xrgp-7gqj: The mod_dav_svn Apache HTTPD server module in Apache Subversion 1 (2022-05-17)
OSV: subversion vulnerabilities (2015-08-20)
CVEList: CVE-2014-8108: The mod_dav_svn Apache HTTPD server module in Apache Subversion 1 (2014-12-18)
OSV: CVE-2014-8108: The mod_dav_svn Apache HTTPD server module in Apache Subversion 1 (2014-12-18)

📋 Vendor Advisories (5)

Ubuntu: Subversion vulnerabilities (2015-08-20)
Red Hat: subversion: NULL pointer dereference flaw in mod_dav_svn when handling URIs for virtual transaction names (2014-12-15)
Debian: CVE-2014-8108: subversion - The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7... (2014)
Apple: CVE-2014-8108: Xcode 6.2
Apache: Apache subversion: CVE-2014-8108

💬 Community (2)

Bugzilla: CVE-2014-8108 CVE-2014-3580 subversion: various flaws [fedora-all] (2014-12-16)
Bugzilla: CVE-2014-8108 subversion: NULL pointer dereference flaw in mod_dav_svn when handling URIs for virtual transaction names (2014-12-15)
CVE-2014-8108 — NULL Pointer Dereference in Apache | cvebase