CVE-2015-5343
published 2016-04-14
high 7.6 CVSS 3.0
AV:N / AC:L / PR:L / UI:N / S:U / C:L / I:L / A:H
Integer overflow in util.c in mod_dav_svn in Apache Subversion 1.7.x, 1.8.x before 1.8.15, and 1.9.x before 1.9.3 allows remote authenticated users to cause a denial of service (subversion server crash or memory consumption) and possibly execute arbitrary code via a skel-encoded request body, which triggers an out-of-bounds read and heap-based buffer overflow.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | subversion | >= 0 < 1.9.3-1 | 1.9.3-1 |
| apache | subversion | >= 0 < 1.9.3-1 | 1.9.3-1 |
| apache | subversion | >= 0 < 1.9.3-1 | 1.9.3-1 |
| apache | subversion | >= 0 < 1.9.3-1 | 1.9.3-1 |
| apache | subversion | 1.7.0 – 1.7.20 | — |
| apache | subversion | >= 1.8.0 < 1.8.15 | 1.8.15 |
| apache | subversion | >= 1.9.0 < 1.9.3 | 1.9.3 |
| debian | debian_linux | — | — |
| debian | subversion | < subversion 1.9.3-1 (bookworm) | subversion 1.9.3-1 (bookworm) |
CVSS provenance
nvd v3.0 7.6 HIGH CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
osv 7.6 HIGH