CVE-2009-2411
N/A
N/A
Summary
Multiple integer overflows in the libsvn_delta library in Subversion before 1.5.7, and 1.6.x before 1.6.4, allow remote authenticated users and remote Subversion servers to execute arbitrary code via an svndiff stream with large windows that trigger a heap-based buffer overflow, a related issue to CVE-2009-2412.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://svn.haxx.se/dev/archive-2009-08/0108.shtml
- http://www.securitytracker.com/id?1022697
- http://www.vupen.com/english/advisories/2009/2180
- http://archives.neohapsis.com/archives/bugtraq/2009-08/0056.html
- http://secunia.com/advisories/36262
- http://secunia.com/advisories/36257
- http://secunia.com/advisories/36184
- http://www.ubuntu.com/usn/usn-812-1
- http://www.debian.org/security/2009/dsa-1855
- http://subversion.tigris.org/security/CVE-2009-2411-advisory.txt
- http://secunia.com/advisories/36224
- http://www.securityfocus.com/bid/35983
- http://svn.haxx.se/dev/archive-2009-08/0107.shtml
- https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00485.html
- http://svn.haxx.se/dev/archive-2009-08/0110.shtml
- http://svn.collab.net/repos/svn/tags/1.6.4/CHANGES
- http://www.redhat.com/support/errata/RHSA-2009-1203.html
- http://secunia.com/advisories/36232
- http://svn.collab.net/repos/svn/tags/1.5.7/CHANGES
- http://www.vupen.com/english/advisories/2009/3184
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:199
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11465
- http://osvdb.org/56856
- http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
- http://support.apple.com/kb/HT3937
- https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00469.html
References
- http://svn.haxx.se/dev/archive-2009-08/0108.shtml
- http://www.securitytracker.com/id?1022697
- http://www.vupen.com/english/advisories/2009/2180
- http://archives.neohapsis.com/archives/bugtraq/2009-08/0056.html
- http://secunia.com/advisories/36262
- http://secunia.com/advisories/36257
- http://secunia.com/advisories/36184
- http://www.ubuntu.com/usn/usn-812-1
- http://www.debian.org/security/2009/dsa-1855
- http://subversion.tigris.org/security/CVE-2009-2411-advisory.txt
- http://secunia.com/advisories/36224
- http://www.securityfocus.com/bid/35983
- http://svn.haxx.se/dev/archive-2009-08/0107.shtml
- https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00485.html
- http://svn.haxx.se/dev/archive-2009-08/0110.shtml
- http://svn.collab.net/repos/svn/tags/1.6.4/CHANGES
- http://www.redhat.com/support/errata/RHSA-2009-1203.html
- http://secunia.com/advisories/36232
- http://svn.collab.net/repos/svn/tags/1.5.7/CHANGES
- http://www.vupen.com/english/advisories/2009/3184
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:199
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11465
- http://osvdb.org/56856
- http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
- http://support.apple.com/kb/HT3937
- https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00469.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.