Your submission was sent successfully! Close

CVE-2015-5343

Published: 15 December 2015

Integer overflow in util.c in mod_dav_svn in Apache Subversion 1.7.x, 1.8.x before 1.8.15, and 1.9.x before 1.9.3 allows remote authenticated users to cause a denial of service (subversion server crash or memory consumption) and possibly execute arbitrary code via a skel-encoded request body, which triggers an out-of-bounds read and heap-based buffer overflow.

Priority

Medium

CVSS 3 base score: 7.6

Status

Package Release Status
subversion
Launchpad, Ubuntu, Debian
precise Not vulnerable
(code not present)
trusty Does not exist
(trusty was released [1.8.8-1ubuntu3.3])
upstream
Released (1.8.15,1.9.3)
vivid Ignored
(reached end-of-life)
wily Ignored
(reached end-of-life)
xenial Not vulnerable
(1.9.3-1ubuntu1)
yakkety Not vulnerable
(1.9.3-1ubuntu1)
zesty Not vulnerable
(1.9.3-1ubuntu1)
Binaries built from this source package are in Universe and so are supported by the community.