|Type||Denial of service|
A null-pointer-dereference has been found in svnserve that results in a remote unauthenticated Denial-of-Service in some server configurations. The vulnerability can be triggered by an unauthenticated user if the server is configured with anonymous access enabled.
|16 Aug 2019||ASA-201908-10||AVG-1016||subversion||High||denial of service|
The problem originates in opening a new connection to svnserve. On failure to find the specified repository or to be authorized to access it, svnserve logs and reports the error, but also keeps the connection open despite its incomplete initialization. If the client sends any further command on the same connection, then a null-pointer-dereference occurs in svnserve.