CVE-2019-0203
Published: 31 July 2019
In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a client sends certain sequences of protocol commands. This can lead to disruption for users of the server.
From the Ubuntu security team
Tomas Bortoli discovered that Subversion incorrectly handled certain svnserve requests. A remote attacker could possibly use this issue to cause svnserver to crash, resulting in a denial of service.
Priority
Medium
CVSS 3 base score: 7.5
Status
| Package | Release | Status |
|---|---|---|
|
subversion Launchpad, Ubuntu, Debian |
bionic |
Released
(1.9.7-4ubuntu1.1)
|
| disco |
Ignored
(reached end-of-life)
|
|
| eoan |
Not vulnerable
(1.10.6-1)
|
|
| focal |
Not vulnerable
(1.10.6-1)
|
|
| groovy |
Not vulnerable
(1.10.6-1)
|
|
| hirsute |
Not vulnerable
(1.10.6-1)
|
|
| impish |
Not vulnerable
(1.10.6-1)
|
|
| jammy |
Not vulnerable
(1.10.6-1)
|
|
| precise |
Released
(1.6.17dfsg-3ubuntu3.8)
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(1.12.2,1.10.6,1.9.12)
|
|
| xenial |
Released
(1.9.3-2ubuntu1.3)
|