CVE-2019-0203 - log back

CVE-2019-0203 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Denial of service
Description
+ A null-pointer-dereference has been found in svnserve that results in a remote unauthenticated Denial-of-Service in some server configurations. The vulnerability can be triggered by an unauthenticated user if the server is configured with anonymous access enabled.
References
+ http://subversion.apache.org/security/CVE-2019-0203-advisory.txt
Notes
+ The problem originates in opening a new connection to svnserve. On failure to find the specified repository or to be authorized to access it, svnserve logs and reports the error, but also keeps the connection open despite its incomplete initialization. If the client sends any further command on the same connection, then a null-pointer-dereference occurs in svnserve.