CVE-2018-11782 log
| Source |
|
| Severity | Medium |
| Remote | Yes |
| Type | Denial of service |
| Description | Subversion svn:// connections, including svn+ssh:// and svn+<custom>://, use a custom network protocol [1] with Lisp-like syntax. The code implementing the protocol has dedicated codepaths for serialization of revision numbers into protocol integers. A particular client query could cause the server to attempt to reply with a revision number whose value is the invalid revision number constant `SVN_INVALID_REVNUM`, thereby triggering an assertion failure in the the serialization layer. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-1016 | subversion | 1.12.0-3 | 1.12.2-1 | High | Fixed |
| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 16 Aug 2019 | ASA-201908-10 | AVG-1016 | subversion | High | denial of service |
| References |
|---|
http://subversion.apache.org/security/CVE-2018-11782-advisory.txt |