Your submission was sent successfully! Close

CVE-2022-24070

Published: 12 April 2021

Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not affected.

From the Ubuntu security team

Thomas Wei├čschuh discovered that subversion servers did not properly handle memory in certain configurations. A remote attacker could potentially use this issue to cause a denial of service or other unspecified impact.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
subversion
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(code not present)
focal
Released (1.13.0-3ubuntu0.1)
impish
Released (1.14.1-3ubuntu0.1)
jammy Needs triage

upstream
Released (1.14.2 and 1.10.8)
xenial Not vulnerable
(code not present)