CVE-2015-5259

Published: 15 December 2015

Integer overflow in the read_string function in libsvn_ra_svn/marshal.c in Apache Subversion 1.9.x before 1.9.3 allows remote attackers to execute arbitrary code via an svn:// protocol string, which triggers a heap-based buffer overflow and an out-of-bounds read.

Priority

Medium

CVSS 3 base score: 8.6

Status

Package: subversion (Launchpad, Ubuntu, Debian)

Release: Status
Upstream: Released (1.9.3)
Ubuntu 16.04 ESM (Xenial Xerus): Released (1.9.3-1ubuntu1)
Ubuntu 14.04 ESM (Trusty Tahr): Does not exist (trusty was not-affected [1.8.8-1ubuntu3.2])