#VU32635 Buffer overflow in Subversion - CVE-2013-4131

Cybersecurity Help s.r.o.

Published: 2013-07-31 | Updated: 2020-07-28

Vulnerability identifier: #VU32635

Vulnerability risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2013-4131

CWE-ID: CWE-119

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Subversion
Server applications / Frameworks for developing and running applications

Vendor: Apache Foundation

Description

The vulnerability allows a remote #AU# to perform service disruption.

The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Subversion: 1.7.0 alpha1 - 1.7.10

External links
https://lists.opensuse.org/opensuse-updates/2013-08/msg00000.html
https://subversion.apache.org/security/CVE-2013-4131-advisory.txt
https://www.securityfocus.com/bid/61454
https://bugzilla.redhat.com/show_bug.cgi?id=986194
https://exchange.xforce.ibmcloud.com/vulnerabilities/85983
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18621

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Amazon Linux AMI update for subversion

Buffer overflow in subversion (Alpine package)

Buffer overflow in Subversion