CVE-2015-5259
Published: 2016-01-08
Severity: High, 8.6 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Integer overflow in the read_string function in libsvn_ra_svn/marshal.c in Apache Subversion 1.9.x before 1.9.3 allows remote attackers to execute arbitrary code via an svn:// protocol string, which triggers a heap-based buffer overflow and an out-of-bounds read.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | subversion | — | — |
| apache | subversion | — | — |
| apache | subversion | — | — |
| apache | subversion | — | — |
| apache | subversion | >= 0 < 1.9.3-1 | 1.9.3-1 |
| apache | subversion | >= 0 < 1.9.3-1 | 1.9.3-1 |
| apache | subversion | >= 0 < 1.9.3-1 | 1.9.3-1 |
| apache | subversion | >= 0 < 1.9.3-1 | 1.9.3-1 |
| debian | subversion | < subversion 1.9.3-1 (bookworm) | subversion 1.9.3-1 (bookworm) |
CVSS provenance
nvd: v3.0, 8.6 HIGH, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
osv: 8.6 HIGH