CVE-2009-2411

Source
https://nvd.nist.gov/vuln/detail/CVE-2009-2411
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2009-2411.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2009-2411
Related
Published
2009-08-07T19:30:00Z
Modified
2024-09-11T02:00:05Z
Summary
[none]
Details

Multiple integer overflows in the libsvn_delta library in Subversion before 1.5.7, and 1.6.x before 1.6.4, allow remote authenticated users and remote Subversion servers to execute arbitrary code via an svndiff stream with large windows that trigger a heap-based buffer overflow, a related issue to CVE-2009-2412.

References

Affected packages

Debian:11 / subversion

Package

Name
subversion
Purl
pkg:deb/debian/subversion?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.6.4dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / subversion

Package

Name
subversion
Purl
pkg:deb/debian/subversion?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.6.4dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / subversion

Package

Name
subversion
Purl
pkg:deb/debian/subversion?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.6.4dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}