Apache Subversion 1.9.x < 1.9.3 Buffer Overflow

High

Synopsis

The remote host is running a version of Apache Subversion (SVN) that is affected by a buffer overflow vulnerability.

Description

The version of Apache Subversion installed on the remote host is 1.9.x prior to 1.9.3 and is affected by a buffer overflow vulnerability. Specifically, these versions contain an overflow condition in the 'svn://' protocol parser. The issue is triggered because user-supplied input is not properly validated when handling 'svn://' protocol strings. A remote attacker may be able to use a specially crafted request to cause a heap-based buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code.

Solution

Upgrade to Apache Subversion 1.9.3 or later.