CVE-2010-4644

low
Description

Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.

References

http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053230.html

http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html

http://mail-archives.apache.org/mod_mbox/subversion-users/201011.mbox/%[email protected]%3E

http://mail-archives.apache.org/mod_mbox/www-announce/201011.mbox/%[email protected]%3E

http://openwall.com/lists/oss-security/2011/01/02/1

http://openwall.com/lists/oss-security/2011/01/04/10

http://openwall.com/lists/oss-security/2011/01/04/8

http://openwall.com/lists/oss-security/2011/01/05/4

http://secunia.com/advisories/42780

http://secunia.com/advisories/42969

http://secunia.com/advisories/43115

http://secunia.com/advisories/43139

http://secunia.com/advisories/43346

http://svn.apache.org/repos/asf/subversion/tags/1.6.15/CHANGES

http://svn.apache.org/viewvc?view=revision&revision=1032808

http://svn.haxx.se/dev/archive-2010-11/0102.shtml

http://www.mandriva.com/security/advisories?name=MDVSA-2011:006

http://www.redhat.com/support/errata/RHSA-2011-0257.html

http://www.redhat.com/support/errata/RHSA-2011-0258.html

http://www.securityfocus.com/bid/45655

http://www.securitytracker.com/id?1024935

http://www.ubuntu.com/usn/USN-1053-1

http://www.vupen.com/english/advisories/2011/0015

http://www.vupen.com/english/advisories/2011/0103

http://www.vupen.com/english/advisories/2011/0162

http://www.vupen.com/english/advisories/2011/0264

https://exchange.xforce.ibmcloud.com/vulnerabilities/64473

Details

Source: MITRE

Published: 2011-01-07

Updated: 2017-08-17

Type: CWE-399

Risk Information

CVSS v2

Base Score: 3.5

Vector: AV:N/AC:M/Au:S/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 6.8

Severity: LOW

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:apache:subversion:0.6:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:0.7:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:0.8:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:0.9:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:0.10.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:0.10.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:0.10.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:0.11.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:0.12.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:0.13.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:0.13.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:0.13.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:0.14.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:0.14.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:0.14.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:0.14.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:0.14.4:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:0.14.5:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:0.15:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:0.16:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:0.16.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:0.17.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:0.17.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:0.18.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:0.18.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:0.19.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:0.19.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:0.20.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:0.20.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:0.21.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:0.22.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:0.22.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:0.22.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:0.23.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:0.24.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:0.24.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:0.24.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:0.25.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:0.26.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:0.27.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:0.28.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:0.28.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:0.28.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:0.29.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:0.30.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:0.31.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:0.32.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:0.33.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:0.33.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:0.34.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:0.35.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:0.35.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:0.36.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:0.37.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.0.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.0.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.0.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.0.4:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.0.5:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.0.6:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.0.7:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.0.8:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.0.9:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.1.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.1.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.1.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.1.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.1.4:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.2.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.2.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.2.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.2.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.3.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.3.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.3.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.4.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.4.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.4.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.4.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.4.4:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.4.5:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.4.6:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.5.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.5.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.5.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.5.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.5.4:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.5.5:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.5.6:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.5.7:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.5.8:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.6.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.6.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.6.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.6.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.6.4:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.6.5:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.6.6:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.6.7:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.6.8:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.6.9:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.6.10:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.6.11:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.6.12:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.6.13:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:*:*:*:*:*:*:*:* versions up to 1.6.14 (inclusive)

cpe:2.3:a:apache:subversion:m1:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:m2:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:m3:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:m4\/m5:*:*:*:*:*:*:*

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 75616 | openSUSE Security Update : libsvn_auth_gnome_keyring-1-0 (openSUSE-SU-2011:0136-1) | Nessus | SuSE Local Security Checks | medium |
| 70084 | GLSA-201309-11 : Subversion: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 68200 | Oracle Linux 6 : subversion (ELSA-2011-0258) | Nessus | Oracle Linux Local Security Checks | medium |
| 68199 | Oracle Linux 5 : subversion (ELSA-2011-0257) | Nessus | Oracle Linux Local Security Checks | medium |
| 60955 | Scientific Linux Security Update : subversion on SL6.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | medium |
| 60954 | Scientific Linux Security Update : subversion on SL5.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | medium |
| 53759 | openSUSE Security Update : libsvn_auth_gnome_keyring-1-0 (openSUSE-SU-2011:0136-1) | Nessus | SuSE Local Security Checks | medium |
| 53420 | CentOS 5 : subversion (CESA-2011:0257) | Nessus | CentOS Local Security Checks | medium |
| 51995 | RHEL 6 : subversion (RHSA-2011:0258) | Nessus | Red Hat Local Security Checks | medium |
| 51994 | RHEL 5 : subversion (RHSA-2011:0257) | Nessus | Red Hat Local Security Checks | medium |
| 51846 | Ubuntu 6.06 LTS / 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : subversion vulnerabilities (USN-1053-1) | Nessus | Ubuntu Local Security Checks | medium |
| 51798 | Mandriva Linux Security Advisory : subversion (MDVSA-2011:006) | Nessus | Mandriva Local Security Checks | medium |
| 51565 | Fedora 14 : subversion-1.6.15-1.fc14 (2011-0099) | Nessus | Fedora Local Security Checks | medium |
| 51520 | FreeBSD : subversion -- multiple DoS (71612099-1e93-11e0-a587-001b77d09812) | Nessus | FreeBSD Local Security Checks | medium |