Apache Subversion mod_dav_svn is vulnerable to memory corruption
CVE-2022-24070

7.5HIGH

Key Information:

Vendor: Apache
Status: Apache Subversion
Vendor: CVE Published:; 12 April 2022

Summary

Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not affected.

Affected Version(s)

Apache Subversion 1.10.0 to 1.14.1

References

https://issues.apache.org/jira/browse/SVN-4880

x_refsource_MISC

https://bz.apache.org/bugzilla/show_bug.cgi?id=65861

x_refsource_MISC

https://cwiki.apache.org/confluence/display/HTTPD/ModuleLife

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 12, 2022
Vulnerability Reserved
Jan 27, 2022

Credit

Apache Subversion would like to thank Thomas Weißschuh, cis-solutions.eu.

.