CVE-2022-24070 Subversion's mod_dav_svn is vulnerable to memory corruption. It may attempt to use memory which has already been freed.


This may allow an attacker to execute arbitrary code on the server.

How might I avoid this?

It is recommended that you upgrade your Subversion installation to the latest version.

If you cannot upgrade your Subversion installation, then you can disable path-based authorization. You can do this by setting svn_auth_pwd_enable to Off in your Apache configuration. Password-based authentication can be disabled by setting svn_auth_pwd_enable to Off.

What is Subversion?

Subversion is a version control system (VCS) that allows you to keep track of and manage software projects. It is used by software developers and IT project teams to manage code. Subversion is designed to scale well, requires very little setup time, and can be installed on both Unix-like systems and Microsoft Windows.

Summary

The Subversion Apache module is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. This may allow an attacker to execute arbitrary code on the server.
