CVE-2015-5259

Published: 15 December 2015

Integer overflow in the read_string function in libsvn_ra_svn/marshal.c in Apache Subversion 1.9.x before 1.9.3 allows remote attackers to execute arbitrary code via an svn:// protocol string, which triggers a heap-based buffer overflow and an out-of-bounds read.

Notes

Author: mdeslaur
Note: 1.9.0+ only

Priority

Medium

CVSS 3 base score: 8.6

Status

Package: subversion

Release    Status
precise    Not vulnerable (1.6.17dfsg-3ubuntu3.5)
trusty     Does not exist (trusty was not-affected [1.8.8-1ubuntu3.2])
upstream   Released (1.9.3)
vivid      Not vulnerable (1.8.10-5ubuntu1.1)
wily       Not vulnerable (1.8.13-1ubuntu3)