Your submission was sent successfully! Close

CVE-2020-17525

Published: 10 February 2021

Subversion's mod_authz_svn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL. This can lead to disruption for users of the service. This issue was fixed in mod_dav_svn+mod_authz_svn servers 1.14.1 and mod_dav_svn+mod_authz_svn servers 1.10.7

From the Ubuntu security team

Thomas Ã…kesson discovered that Subversion incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
subversion
Launchpad, Ubuntu, Debian
bionic
Released (1.9.7-4ubuntu1.1)
focal
Released (1.13.0-3ubuntu0.2)
groovy Ignored
(reached end-of-life)
hirsute Not vulnerable
(1.14.1-1)
impish Not vulnerable
(1.14.1-1)
jammy Not vulnerable
(1.14.1-1)
precise Not vulnerable
(code not present)
trusty Does not exist

upstream
Released (1.10.7, 1.14.1)
xenial
Released (1.9.3-2ubuntu1.3+esm1)
Binaries built from this source package are in Universe and so are supported by the community.