Integer overflow in util.c in mod_dav_svn in Apache Subversion 1.7.x, 1.8.x before 1.8.15, and 1.9.x before 1.9.3 allows remote authenticated users to cause a denial of service (subversion server crash or memory consumption) and possibly execute arbitrary code via a skel-encoded request body, which triggers an out-of-bounds read and heap-based buffer overflow.
CPE | Name | Operator | Version |
---|---|---|---|
subversion | ge | 1.7.0 | |
subversion | le | 1.7.20 | |
subversion | ge | 1.8.0 | |
subversion | lt | 1.8.15 | |
subversion | ge | 1.9.0 | |
subversion | lt | 1.9.3 | |
debian_linux | eq | 8.0 |