CVE-2022-24070
published 2022-04-12CVE-2022-24070: Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory…
high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not affected.
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | subversion | — | — |
| apache | subversion | >= 0 < 1.14.1-3+deb11u1 | 1.14.1-3+deb11u1 |
| apache | subversion | >= 0 < 1.14.2-1 | 1.14.2-1 |
| apache | subversion | >= 0 < 1.14.2-1 | 1.14.2-1 |
| apache | subversion | >= 0 < 1.14.2-1 | 1.14.2-1 |
| apache | subversion | >= 0 < 1.13.0-3ubuntu0.1 | 1.13.0-3ubuntu0.1 |
| apache | subversion | >= 0 < 1.14.1-3ubuntu0.22.04.1 | 1.14.1-3ubuntu0.22.04.1 |
| apache | subversion | >= 1.10.0 < 1.10.8 | 1.10.8 |
| apache | subversion | >= 1.14.0 < 1.14.2 | 1.14.2 |
| apache_software_foundation | apache_subversion | — | — |
| apple | macos | >= 12.0 < 12.5 | 12.5 |
| apple | macos_monterey | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | subversion | < subversion 1.14.2-1 (bookworm) | subversion 1.14.2-1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| msrc | cbl2_subversion_1.14.2-1_on_cbl_mariner_2.0 | — | — |
| msrc | cm1_subversion_1.14.0-5_on_cbl_mariner_1.0 | — | — |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv7.5HIGH