CVE-2010-4644
Published: 7 January 2011
Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
Notes
| Author | Note |
|---|---|
| mdeslaur | PoC: http://svn.haxx.se/dev/archive-2010-11/0163.shtml hardy and older don't support -g, 1.5.x and higher only |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
subversion Launchpad, Ubuntu, Debian |
dapper |
Not vulnerable
(1.3.1-3ubuntu1.2)
|
| hardy |
Not vulnerable
(1.4.6dfsg1-2ubuntu1.1)
|
|
| karmic |
Released
(1.6.5dfsg-1ubuntu1.1)
|
|
| lucid |
Released
(1.6.6dfsg-2ubuntu1.1)
|
|
| maverick |
Released
(1.6.12dfsg-1ubuntu1.1)
|
|
| upstream |
Released
(1.6.15)
|
|
|
Patches: upstream: http://svn.apache.org/viewvc?view=revision&revision=1032808 upstream: http://svn.apache.org/viewvc?view=revision&revision=1041438 upstream: http://svn.apache.org/viewvc?view=revision&revision=1033227 upstream: http://svn.apache.org/viewvc?view=revision&revision=1041504 |
||