Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

TortoiseSVN < 1.5.6 / 1.6.0-1.6.3 Multiple Integer Overflows



The remote host is vulnerable to multiple attack vectors.


The installed version of the TortoiseSVN is affected by multiple heap overflow issues. Specifically, the 'libsvn_delta' library fails to perform sufficient boundary checks before processing certain svndiff streams. An attacker with commit access to a vulnerable Subversion server could exploit this vulnerability from a Subversion client to trigger a heap overflow on the server. Typically such an attack would result in a denial of service condition or arbitrary code execution. An attacker could also trigger this issue from a rogue Subversion server on a Subversion client in response to a checkout or update request.


Upgrade to TortoiseSVN 1.5.7/1.6.4 or later.