CVE

CVE-2009-2411
Date: (C)2009-08-07   (M)2023-12-22


Multiple integer overflows in the libsvn_delta library in Subversion before 1.5.7, and 1.6.x before 1.6.4, allow remote authenticated users and remote Subversion servers to execute arbitrary code via an svndiff stream with large windows that trigger a heap-based buffer overflow, a related issue to CVE-2009-2412.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 8.5
Exploit Score: 6.8
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECTRACK-1022697
http://archives.neohapsis.com/archives/bugtraq/2009-08/0056.html
BID-35983
SECUNIA-36184
SECUNIA-36224
SECUNIA-36232
SECUNIA-36257
SECUNIA-36262
OSVDB-56856
ADV-2009-2180
ADV-2009-3184
APPLE-SA-2009-11-09-1
DSA-1855
FEDORA-2009-8432
FEDORA-2009-8449
MDVSA-2009:199
RHSA-2009:1203
USN-812-1
http://svn.haxx.se/dev/archive-2009-08/0110.shtml
http://svn.haxx.se/dev/archive-2009-08/0108.shtml
http://svn.haxx.se/dev/archive-2009-08/0107.shtml
http://subversion.tigris.org/security/CVE-2009-2411-advisory.txt
http://support.apple.com/kb/HT3937
http://svn.collab.net/repos/svn/tags/1.5.7/CHANGES
http://svn.collab.net/repos/svn/tags/1.6.4/CHANGES
oval:org.mitre.oval:def:11465

CWE    1
CWE-189
OVAL    12
oval:org.secpod.oval:def:300730
oval:org.mitre.oval:def:8147
oval:org.secpod.oval:def:700442
oval:org.secpod.oval:def:201974
...

© SecPod Technologies