CVE-2015-5259

CWE-119Buffer OverflowCWE-189CWE-190Integer OverflowCWE-122Heap-based Buffer OverflowCWE-125Out-of-bounds Read9 documents8 sources
Severity
8.6HIGH
EPSS
40.7%
top 2.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apache Subversion
Timeline
PublishedJan 8
Latest updateMay 17

Description

Integer overflow in the read_string function in libsvn_ra_svn/marshal.c in Apache Subversion 1.9.x before 1.9.3 allows remote attackers to execute arbitrary code via an svn:// protocol string, which triggers a heap-based buffer overflow and an out-of-bounds read.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:HExploitability: 3.9 | Impact: 4.7

Affected Packages2 packages

NVDapache/subversion1.9.0, 1.9.1, 1.9.2+2
Debiansubversion< 1.9.3-1+3

🔴Vulnerability Details

3
GHSA
GHSA-5h66-v34j-rg64: Integer overflow in the read_string function in libsvn_ra_svn/marshal2022-05-17
OSV
CVE-2015-5259: Integer overflow in the read_string function in libsvn_ra_svn/marshal2016-01-08
CVEList
CVE-2015-5259: Integer overflow in the read_string function in libsvn_ra_svn/marshal2016-01-08

📋Vendor Advisories

3
Red Hat
subversion: integer overflow in the svn:// protocol parser2015-12-15
Debian
CVE-2015-5259: subversion - Integer overflow in the read_string function in libsvn_ra_svn/marshal.c in Apach...2015
Apache
Apache subversion: CVE-2015-5259

💬Community

2
Bugzilla
CVE-2015-5259 CVE-2015-5343 subversion: various flaws [fedora-all]2015-12-16
Bugzilla
CVE-2015-5259 subversion: integer overflow in the svn:// protocol parser2015-12-09
CVE-2015-5259 (HIGH CVSS 8.6) | Integer overflow in the read_string | cvebase.io