CVE-2019-0203 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	High
Remote	Yes
Type	Denial of service
Description	A null-pointer-dereference has been found in svnserve that results in a remote unauthenticated Denial-of-Service in some server configurations. The vulnerability can be triggered by an unauthenticated user if the server is configured with anonymous access enabled.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1016	subversion	1.12.0-3	1.12.2-1	High	Fixed

Date	Advisory	Group	Package	Severity	Type
16 Aug 2019	ASA-201908-10	AVG-1016	subversion	High	denial of service

References
http://subversion.apache.org/security/CVE-2019-0203-advisory.txt

Notes
The problem originates in opening a new connection to svnserve. On failure to find the specified repository or to be authorized to access it, svnserve logs and reports the error, but also keeps the connection open despite its incomplete initialization. If the client sends any further command on the same connection, then a null-pointer-dereference occurs in svnserve.

Notes

The problem originates in opening a new connection to svnserve. On failure to find the specified repository or to be authorized to access it, svnserve logs and reports the error, but also keeps the connection open despite its incomplete initialization. If the client sends any further command on the same connection, then a null-pointer-dereference occurs in svnserve.