Apache Subversion 1.9.x < 1.9.3 Buffer Overflow
High Nessus Network Monitor Plugin ID 9069
Synopsis
The remote host is running a version of Apache Subversion (SVN) that is affected by a buffer overflow vulnerability.

Description
The version of Apache Subversion installed on the remote host is 1.9.x prior to 1.9.3 and is affected by a buffer overflow vulnerability. Specifically, these versions contain an overflow condition in the 'svn://' protocol parser. The issue is triggered because user-supplied input is not properly validated when handling 'svn://' protocol strings. This may allow a remote attacker to use a specially crafted request to cause a heap-based buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code.

Solution
Upgrade to Apache Subversion 1.9.3 or later.