Lucene search

RedhatCVE-2009-2411

HistoryAug 07, 2009 - 7:30 p.m.

CVE-2009-2411

2009-08-0719:30:00

CWE-189

redhat

web.nvd.nist.gov

cve-2009-2411

libsvn_delta

subversion

integer overflow

code execution

svndiff

heap-based buffer overflow

CVSS2

8.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

AI Score

7.8

Confidence

High

EPSS

0.148

Percentile

95.9%

JSON

Multiple integer overflows in the libsvn_delta library in Subversion before 1.5.7, and 1.6.x before 1.6.4, allow remote authenticated users and remote Subversion servers to execute arbitrary code via an svndiff stream with large windows that trigger a heap-based buffer overflow, a related issue to CVE-2009-2412.

Affected configurations

Nvd

Node

subversionsubversionRange≤1.5.6

subversionsubversionMatch0.22.1

subversionsubversionMatch0.23.0

subversionsubversionMatch0.24.0

subversionsubversionMatch0.24.1

subversionsubversionMatch0.24.2

subversionsubversionMatch0.25.0

subversionsubversionMatch0.27.0

subversionsubversionMatch0.28.0

subversionsubversionMatch0.28.1

subversionsubversionMatch0.28.2

subversionsubversionMatch0.29.0

subversionsubversionMatch0.30.0

subversionsubversionMatch0.31.0

subversionsubversionMatch0.32.0

subversionsubversionMatch0.32.1

subversionsubversionMatch0.33.0

subversionsubversionMatch0.33.1

subversionsubversionMatch0.34.0

subversionsubversionMatch0.35.0

subversionsubversionMatch0.35.1

subversionsubversionMatch0.36.0

subversionsubversionMatch0.37.0

subversionsubversionMatch1.0

subversionsubversionMatch1.0.0

subversionsubversionMatch1.0.1

subversionsubversionMatch1.0.2

subversionsubversionMatch1.0.3

subversionsubversionMatch1.0.4

subversionsubversionMatch1.0.5

subversionsubversionMatch1.0.6

subversionsubversionMatch1.0.7

subversionsubversionMatch1.0.8

subversionsubversionMatch1.0.9

subversionsubversionMatch1.1.0

subversionsubversionMatch1.1.0_rc1

subversionsubversionMatch1.1.0_rc2

subversionsubversionMatch1.1.0_rc3

subversionsubversionMatch1.1.1

subversionsubversionMatch1.1.2

subversionsubversionMatch1.1.3

subversionsubversionMatch1.1.4

subversionsubversionMatch1.2.0

subversionsubversionMatch1.2.1

subversionsubversionMatch1.2.2

subversionsubversionMatch1.2.3

subversionsubversionMatch1.3.0

subversionsubversionMatch1.3.1

subversionsubversionMatch1.3.2

subversionsubversionMatch1.4.0

subversionsubversionMatch1.4.1

subversionsubversionMatch1.4.2

subversionsubversionMatch1.4.3

subversionsubversionMatch1.4.4

subversionsubversionMatch1.4.5

subversionsubversionMatch1.5.0

subversionsubversionMatch1.5.1

subversionsubversionMatch1.5.3

subversionsubversionMatch1.5.4

subversionsubversionMatch1.5.5

subversionsubversionMatch1.6.0

subversionsubversionMatch1.6.1

subversionsubversionMatch1.6.2

subversionsubversionMatch1.6.3

VendorProductVersionCPE
subversionsubversion*cpe:2.3:a:subversion:subversion:*:*:*:*:*:*:*:*
subversionsubversion0.22.1cpe:2.3:a:subversion:subversion:0.22.1:*:*:*:*:*:*:*
subversionsubversion0.23.0cpe:2.3:a:subversion:subversion:0.23.0:*:*:*:*:*:*:*
subversionsubversion0.24.0cpe:2.3:a:subversion:subversion:0.24.0:*:*:*:*:*:*:*
subversionsubversion0.24.1cpe:2.3:a:subversion:subversion:0.24.1:*:*:*:*:*:*:*
subversionsubversion0.24.2cpe:2.3:a:subversion:subversion:0.24.2:*:*:*:*:*:*:*
subversionsubversion0.25.0cpe:2.3:a:subversion:subversion:0.25.0:*:*:*:*:*:*:*
subversionsubversion0.27.0cpe:2.3:a:subversion:subversion:0.27.0:*:*:*:*:*:*:*
subversionsubversion0.28.0cpe:2.3:a:subversion:subversion:0.28.0:*:*:*:*:*:*:*
subversionsubversion0.28.1cpe:2.3:a:subversion:subversion:0.28.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
subversion	subversion	*	cpe:2.3:a:subversion:subversion::::::::
subversion	subversion	0.22.1	cpe:2.3:a:subversion:subversion:0.22.1:::::::*
subversion	subversion	0.23.0	cpe:2.3:a:subversion:subversion:0.23.0:::::::*
subversion	subversion	0.24.0	cpe:2.3:a:subversion:subversion:0.24.0:::::::*
subversion	subversion	0.24.1	cpe:2.3:a:subversion:subversion:0.24.1:::::::*
subversion	subversion	0.24.2	cpe:2.3:a:subversion:subversion:0.24.2:::::::*
subversion	subversion	0.25.0	cpe:2.3:a:subversion:subversion:0.25.0:::::::*
subversion	subversion	0.27.0	cpe:2.3:a:subversion:subversion:0.27.0:::::::*
subversion	subversion	0.28.0	cpe:2.3:a:subversion:subversion:0.28.0:::::::*
subversion	subversion	0.28.1	cpe:2.3:a:subversion:subversion:0.28.1:::::::*