Описание
libsvn_ra_svn in Subversion 1.0.4 trusts the length field of (1) svn://, (2) svn+ssh://, and (3) other svn protocol URL strings, which allows remote attackers to cause a denial of service (memory consumption) and possibly execute arbitrary code via an integer overflow that leads to a heap-based buffer overflow.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | released | 1.3.1-3ubuntu1 |
| devel | released | 1.3.1-3ubuntu1 |
| edgy | released | 1.3.1-3ubuntu1 |
| feisty | released | 1.3.1-3ubuntu1 |
| upstream | needs-triage |
Показывать по
Ссылки на источники
EPSS
10 Critical
CVSS2
Связанные уязвимости
libsvn_ra_svn in Subversion 1.0.4 trusts the length field of (1) svn://, (2) svn+ssh://, and (3) other svn protocol URL strings, which allows remote attackers to cause a denial of service (memory consumption) and possibly execute arbitrary code via an integer overflow that leads to a heap-based buffer overflow.
libsvn_ra_svn in Subversion 1.0.4 trusts the length field of (1) svn:/ ...
libsvn_ra_svn in Subversion 1.0.4 trusts the length field of (1) svn://, (2) svn+ssh://, and (3) other svn protocol URL strings, which allows remote attackers to cause a denial of service (memory consumption) and possibly execute arbitrary code via an integer overflow that leads to a heap-based buffer overflow.
EPSS
10 Critical
CVSS2