Input validation error in subversion (Alpine package)



Risk Medium
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2014-0032
CWE-ID CWE-20
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe 		subversion (Alpine package)
Operating systems & Components / Operating system package or component

Vendor Alpine Linux Development Team

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Input validation error

EUVDB-ID: #VU32573

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2014-0032

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The get_resource function in repos.c in the mod_dav_svn module in Apache Subversion before 1.7.15 and 1.8.x before 1.8.6, when SVNListParentPath is enabled, allows remote attackers to cause a denial of service (crash) via vectors related to the server root and request methods other than GET, as demonstrated by the "svn ls http://svn.example.com" command.

Mitigation

Install update from vendor's website.

Vulnerable software versions

subversion (Alpine package): 1.7.7-r0 - 1.7.13-r0

CPE2.3 External links

http://git.alpinelinux.org/aports/commit/?id=6d009de01b5f285b023c73ae643bfaaa0435e5af
http://git.alpinelinux.org/aports/commit/?id=48505d9504858193f17f61dde0799de9dfff7c6c
http://git.alpinelinux.org/aports/commit/?id=ddb14202fd187cde4f1bd4c5ffe322364b71eaa9
http://git.alpinelinux.org/aports/commit/?id=856ed3ee75cfe016fe76d83c1929d05ea7e09763


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###