
Apache Subversion < 1.8.15 / 1.9.x < 1.9.3 Buffer Overflow

Medium

Synopsis

The remote host is running a version of Apache Subversion (SVN) that is affected by a buffer overflow vulnerability.

Description

The version of Apache Subversion installed on the remote host is 1.7.x, 1.8.x prior to 1.8.15, or 1.9.x prior to 1.9.3 and is affected by a buffer overflow vulnerability. Specifically, these versions contain an integer overflow condition in the 'request_body_to_string()' function in 'mod_dav_svn/util.c' that is triggered when handling skel-encoded request bodies. This may allow an authenticated, remote attacker to cause a heap-based buffer overflow, crashing the service or potentially allowing the execution of arbitrary code. (CVE-2015-5343)

Solution

Upgrade to Subversion 1.9.3 or later. If 1.9.x cannot be obtained, 1.8.15 has also been patched for this vulnerability.
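A triage check built from the version ranges in the Description and Solution above. It is an added example, not the plugin's own detection logic; the function names and the sample strings (including the `SVN/x.y.z` banner token) are constructed for illustration.

```python
import re

# Ranges as stated in the advisory text: branch -> first fixed patch release.
# None means the page names no fixed release on that branch (1.7.x).
FIRST_FIXED = {(1, 7): None, (1, 8): 15, (1, 9): 3}

# Prefer an explicit SVN/ token so an Apache httpd version in the same
# banner is not mistaken for the Subversion version.
_SVN_TOKEN_RE = re.compile(r"SVN/(\d+)\.(\d+)\.(\d+)")
_TRIPLE_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_version(text):
    """Extract the Subversion x.y.z triple from a version string or banner."""
    m = _SVN_TOKEN_RE.search(text) or _TRIPLE_RE.search(text)
    if m is None:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(p) for p in m.groups())


def classify(text):
    """Return 'affected', 'fixed' or 'unlisted' for CVE-2015-5343."""
    major, minor, patch = parse_version(text)
    branch = (major, minor)
    if branch in FIRST_FIXED:
        fixed = FIRST_FIXED[branch]
        return "affected" if fixed is None or patch < fixed else "fixed"
    if branch > (1, 9):
        return "fixed"      # covered by "1.9.3 or later"
    return "unlisted"       # branches before 1.7 are not mentioned on the page


if __name__ == "__main__":
    # Constructed sample inputs: CLI-style output and a server banner.
    samples = [
        "1.9.2",
        "svn, version 1.8.15 (r0000000)",
        "Apache/2.4.10 (Debian) SVN/1.8.10 mod_ssl/2.4.10",
        "1.7.22",
        "1.6.23",
    ]
    for s in samples:
        print(f"{classify(s):9} {s}")
```

A version comparison cannot see fixes that a distribution backported into an older package version, so an "affected" result should be confirmed against the package changelog.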