CVE-2014-3580

EPSS 13.7%

subversion - security update

Published: 12/18/2014Modified: 4/28/2026

Description

The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a REPORT request for a resource that does not exist.

Affected packages (3)

Debian/subversionfrom 0, < 1.8.10-5
Debian/subversionfrom 0, < 1.6.12dfsg-7+deb6u1
Debian/subversionfrom 0, < 1.6.17dfsg-4+deb7u7

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2014-3580