Subversion Binary Delta Processing Multiple Integer Overflow Vulnerabilities Network Vulnerability

Summary

The host is installed with Subversion and is prone to multiple Integer Overflow Vulnerabilities.

Impact

Attackers can exploit these issues to compromise an application using the library or crash the application, resulting into a denial of service conditions. Impact Level: Application

Solution

Apply the patch or Upgrade to Subversion version 1.5.7 or 1.6.4 http://subversion.tigris.org/security/CVE-2009-2411-advisory.txt http://subversion.tigris.org/project_packages.html ***** NOTE: Please ignore this warning if the patch is applied. *****

Insight

The flaws are due to input validation errors in the processing of svndiff streams in the 'libsvn_delta' library.

Affected

Subversion version 1.5.6 and prior Subversion version 1.6.0 through 1.6.3

References

http://secunia.com/advisories/36184/
http://securitytracker.com/alerts/2009/Aug/1022697.html
http://subversion.tigris.org/security/CVE-2009-2411-advisory.txt

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-2411
CVSS Base Score: 8.5
AV:N/AC:M/Au:S/C:C/I:C/A:C

Related Vulnerabilities

Adobe Flash Player Multiple Vulnerabilities - Mar09 (Win)
Amarok Player Multiple Vulnerabilities
Adobe Reader '/Registry' and '/Ordering' Buffer Overflow Vulnerability (Win)
Adobe Flash Professional JPG Object Processing BOF Vulnerability (Mac OS X)
Bopup Communication Server Remote Buffer Overflow Vulnerability

Take action and discover your vulnerabilities