CVE-2015-5259
Published: 15 December 2015
Integer overflow in the read_string function in libsvn_ra_svn/marshal.c in Apache Subversion 1.9.x before 1.9.3 allows remote attackers to execute arbitrary code via an svn:// protocol string, which triggers a heap-based buffer overflow and an out-of-bounds read.
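The description names the bug class (an attacker-controlled length used to size a heap buffer, with the arithmetic wrapping) without showing it. The following is an added example, not code from Subversion's libsvn_ra_svn/marshal.c, modelled on the ra_svn wire encoding of a string as `<decimal length>:<bytes>`. The encoding is real; the two readers, the `MAX_STRING_LEN` limit and the helper names are this example's own assumptions. The unchecked reader stops before the copy so it can be run safely: it reports the length it believed and the allocation size a naive reader would request, and for a constructed length of 2^64-1 those disagree (allocation of 0 bytes, copy of 2^64-1 bytes), which is exactly the heap overflow plus out-of-bounds read pattern. The checked reader beside it bounds the digit accumulation, the total size, and the read against the bytes actually present.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed per-string limit for this example; not a Subversion constant. */
#define MAX_STRING_LEN ((uint64_t)64 * 1024 * 1024)

/* Unchecked reader for the "<len>:" prefix (bug class only, no copy). */
static bool read_len_unchecked(const char *in, size_t inlen,
                               uint64_t *len_out, size_t *alloc_out)
{
    uint64_t len = 0;
    size_t i = 0;
    /* Digit accumulation with no overflow check: wraps modulo 2^64. */
    while (i < inlen && in[i] >= '0' && in[i] <= '9')
        len = len * 10 + (uint64_t)(in[i++] - '0');
    if (i == 0 || i >= inlen || in[i] != ':')
        return false;
    *len_out = len;
    /* Room for a trailing NUL: len + 1 wraps to 0 when len == UINT64_MAX
     * and is truncated on 32-bit targets.  A reader that now does
     * malloc(*alloc_out) followed by memcpy(out, in, len) writes past the
     * heap block and reads far beyond the end of the input. */
    *alloc_out = (size_t)(len + 1);
    return true;
}

/* Checked reader: bounds the arithmetic, the size and the read.  Returns a
 * malloc'd NUL-terminated copy plus bytes consumed, or NULL on malformed,
 * oversized or truncated input. */
static char *read_string_checked(const char *in, size_t inlen,
                                 size_t *consumed, size_t *len_out)
{
    uint64_t len = 0;
    size_t i = 0;
    while (i < inlen && in[i] >= '0' && in[i] <= '9') {
        uint64_t d = (uint64_t)(in[i] - '0');
        if (len > (UINT64_MAX - d) / 10)    /* len * 10 + d would wrap */
            return NULL;
        len = len * 10 + d;
        i++;
    }
    if (i == 0 || i >= inlen || in[i] != ':')
        return NULL;                         /* no digits or no ':' */
    i++;
    if (len > MAX_STRING_LEN)
        return NULL;                         /* absurd length: reject */
    if (len > inlen - i)
        return NULL;                         /* body truncated: would read OOB */
    char *out = malloc((size_t)len + 1);     /* cannot wrap: len <= 64 MiB */
    if (out == NULL)
        return NULL;
    memcpy(out, in + i, (size_t)len);
    out[len] = '\0';
    if (consumed) *consumed = i + (size_t)len;
    if (len_out) *len_out = (size_t)len;
    return out;
}

/* Wrappers over NUL-terminated inputs, so each case is one call. */
static uint64_t unchecked_len(const char *in)
{
    uint64_t len = 0; size_t alloc = 0;
    return read_len_unchecked(in, strlen(in), &len, &alloc) ? len : 0;
}
static size_t unchecked_alloc(const char *in)
{
    uint64_t len = 0; size_t alloc = 0;
    return read_len_unchecked(in, strlen(in), &len, &alloc) ? alloc : SIZE_MAX;
}
/* Length accepted by the checked reader, or -1 when it rejects the input. */
static long checked_len(const char *in)
{
    size_t n = 0;
    char *s = read_string_checked(in, strlen(in), NULL, &n);
    if (s == NULL) return -1;
    free(s);
    return (long)n;
}
static bool checked_equals(const char *in, const char *expected)
{
    char *s = read_string_checked(in, strlen(in), NULL, NULL);
    bool ok = s != NULL && strcmp(s, expected) == 0;
    free(s);
    return ok;
}

int main(void)
{
    const char *crafted = "18446744073709551615:";  /* constructed: 2^64-1 */
    printf("unchecked: len=%" PRIu64 " alloc=%zu\n",
           unchecked_len(crafted), unchecked_alloc(crafted));
    printf("checked:   %s\n", checked_len(crafted) < 0 ? "rejected" : "accepted");
    return 0;
}
```

The order of the checks in the hardened reader matters: the accumulation guard runs before the multiply so a 21-digit length never wraps into a small value, the size cap keeps `len + 1` representable in `size_t` on every target, and the comparison against the bytes remaining rejects a truncated body before any read. Note that `18446744073709551615:` passes the accumulation guard (it is exactly UINT64_MAX) and is rejected only by the size cap, which is why a limit on the decoded value is needed in addition to overflow-safe arithmetic.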
Notes
Author | Note |
---|---|
mdeslaur | 1.9.0+ only |
Priority
Status
Package | Release | Status |
---|---|---|
subversion (Launchpad, Ubuntu, Debian) | precise | Not vulnerable (1.6.17dfsg-3ubuntu3.5) |
subversion (Launchpad, Ubuntu, Debian) | trusty | Does not exist (trusty was not-affected [1.8.8-1ubuntu3.2]) |
subversion (Launchpad, Ubuntu, Debian) | upstream | Released (1.9.3) |
subversion (Launchpad, Ubuntu, Debian) | vivid | Not vulnerable (1.8.10-5ubuntu1.1) |
subversion (Launchpad, Ubuntu, Debian) | wily | Not vulnerable (1.8.13-1ubuntu3) |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 8.6 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality impact | Low |
Integrity impact | Low |
Availability impact | High |
Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H |