CVE-2015-5343 : Integer overflow in util.c in mod_dav_svn in Apache Subversion 1.7.x, 1.8.x before 1.8.15, and 1.9.x before 1.9.3 allows

Integer overflow in util.c in mod_dav_svn in Apache Subversion 1.7.x, 1.8.x before 1.8.15, and 1.9.x before 1.9.3 allows remote authenticated users to cause a denial of service (subversion server crash or memory consumption) and possibly execute arbitrary code via a skel-encoded request body, which triggers an out-of-bounds read and heap-based buffer overflow.

Published 2016-04-14 14:59:01

Updated 2019-02-12 20:07:19

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: OverflowExecute codeDenial of service

Exploit prediction scoring system (EPSS) score for CVE-2015-5343

Probability of exploitation activity in the next 30 days: 94.96%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 99 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2015-5343

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
8.0	HIGH	AV:N/AC:L/Au:S/C:P/I:P/A:C	8.0	8.5	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Complete
7.6	HIGH	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H	2.8	4.7	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: Low Availability: High

CWE ids for CVE-2015-5343

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2015-5343

http://www.securitytracker.com/id/1034470

Apache Subversion Heap Overflow in mod_dav_svn Lets Remote Authenticated Users Execute Arbitrary Code - SecurityTracker
Third Party Advisory;VDB Entry
http://www.debian.org/security/2015/dsa-3424

Debian -- Security Information -- DSA-3424-1 subversion
Third Party Advisory
http://subversion.apache.org/security/CVE-2015-5343-advisory.txt

Vendor Advisory
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.405261

The Slackware Linux Project: Slackware Security Advisories
Third Party Advisory

Products affected by CVE-2015-5343

Debian » Debian Linux » Version: 8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Matching versions
Apache » Subversion
Versions from including (>=) 1.7.0 and up to, including, (<=) 1.7.20
cpe:2.3:a:apache:subversion:*:*:*:*:*:*:*:*
Matching versions
Apache » Subversion
Versions from including (>=) 1.8.0 and before (<) 1.8.15
cpe:2.3:a:apache:subversion:*:*:*:*:*:*:*:*
Matching versions
Apache » Subversion
Versions from including (>=) 1.9.0 and before (<) 1.9.3
cpe:2.3:a:apache:subversion:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2015-5343

Exploit prediction scoring system (EPSS) score for CVE-2015-5343

CVSS scores for CVE-2015-5343

CWE ids for CVE-2015-5343

References for CVE-2015-5343

Products affected by CVE-2015-5343