CVE-2019-0203 log

Severity High
Remote Yes
Type Denial of service
A null-pointer-dereference has been found in svnserve that results in a remote unauthenticated Denial-of-Service in some server configurations. The vulnerability can be triggered by an unauthenticated user if the server is configured with anonymous access enabled.
Group Package Affected Fixed Severity Status Ticket
AVG-1016 subversion 1.12.0-3 1.12.2-1 High Fixed
Date Advisory Group Package Severity Type
16 Aug 2019 ASA-201908-10 AVG-1016 subversion High denial of service
The problem originates in opening a new connection to svnserve. On failure to find the specified repository or to be authorized to access it, svnserve logs and reports the error, but also keeps the connection open despite its incomplete initialization. If the client sends any further command on the same connection, then a null-pointer-dereference occurs in svnserve.