INFSA-2022:4591: subversion security update
Information about definition
Identificator: INFSA-2022:4591
Type: security
Release date: 2025-03-05 17:03:15 UTC
Information about package
Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes.
Vulnerabilities description
- CVE-2022-24070
A use-after-free vulnerability was found in Subversion in the mod_dav_svn Apache HTTP server (HTTPd) module. While looking up path-based authorization (authz) rules, multiple calls to the post_config hook can invalidate cached pointers to object-pools, which Subversion subsequently uses. This issue crashes the single HTTPd worker thread or the entire HTTPd server process, depending on the configuration of the Apache HTTPd server.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2022-24070
|
no information | 7.5 | no information |
Updated packages