Your submission was sent successfully! Close

CVE-2015-5343

Published: 15 December 2015

Integer overflow in util.c in mod_dav_svn in Apache Subversion 1.7.x, 1.8.x before 1.8.15, and 1.9.x before 1.9.3 allows remote authenticated users to cause a denial of service (subversion server crash or memory consumption) and possibly execute arbitrary code via a skel-encoded request body, which triggers an out-of-bounds read and heap-based buffer overflow.

Priority

Medium

CVSS 3 base score: 7.6

Status

Package Release Status
subversion
Launchpad, Ubuntu, Debian
Upstream
Released (1.8.15,1.9.3)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(1.9.3-1ubuntu1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [1.8.8-1ubuntu3.3])
Binaries built from this source package are in Universe and so are supported by the community.