Your submission was sent successfully! Close

You have successfully unsubscribed! Close


Published: 15 December 2015

Integer overflow in util.c in mod_dav_svn in Apache Subversion 1.7.x, 1.8.x before 1.8.15, and 1.9.x before 1.9.3 allows remote authenticated users to cause a denial of service (subversion server crash or memory consumption) and possibly execute arbitrary code via a skel-encoded request body, which triggers an out-of-bounds read and heap-based buffer overflow.



CVSS 3 base score: 7.6


Package Release Status
Launchpad, Ubuntu, Debian
precise Not vulnerable
(code not present)
trusty Does not exist
(trusty was released [1.8.8-1ubuntu3.3])
Released (1.8.15,1.9.3)
vivid Ignored
(reached end-of-life)
wily Ignored
(reached end-of-life)
xenial Not vulnerable
yakkety Not vulnerable
zesty Not vulnerable
Binaries built from this source package are in Universe and so are supported by the community.