Unrated severityNVD Advisory· Published Aug 7, 2009· Updated Apr 23, 2026
CVE-2009-2411
CVE-2009-2411
Description
Multiple integer overflows in the libsvn_delta library in Subversion before 1.5.7, and 1.6.x before 1.6.4, allow remote authenticated users and remote Subversion servers to execute arbitrary code via an svndiff stream with large windows that trigger a heap-based buffer overflow, a related issue to CVE-2009-2412.
Affected products
64cpe:2.3:a:subversion:subversion:*:*:*:*:*:*:*:*+ 63 more
- cpe:2.3:a:subversion:subversion:*:*:*:*:*:*:*:*range: <=1.5.6
- cpe:2.3:a:subversion:subversion:0.22.1:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:0.23.0:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:0.24.0:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:0.24.1:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:0.24.2:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:0.25.0:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:0.27.0:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:0.28.0:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:0.28.1:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:0.28.2:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:0.29.0:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:0.30.0:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:0.31.0:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:0.32.0:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:0.32.1:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:0.33.0:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:0.33.1:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:0.34.0:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:0.35.0:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:0.35.1:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:0.36.0:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:0.37.0:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.1.0_rc1:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.1.0_rc2:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.1.0_rc3:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.6.3:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
26- secunia.com/advisories/36184nvdVendor Advisory
- www.vupen.com/english/advisories/2009/2180nvdVendor Advisory
- archives.neohapsis.com/archives/bugtraq/2009-08/0056.htmlnvd
- lists.apple.com/archives/security-announce/2009/Nov/msg00000.htmlnvd
- osvdb.org/56856nvd
- secunia.com/advisories/36224nvd
- secunia.com/advisories/36232nvd
- secunia.com/advisories/36257nvd
- secunia.com/advisories/36262nvd
- subversion.tigris.org/security/CVE-2009-2411-advisory.txtnvd
- support.apple.com/kb/HT3937nvd
- svn.collab.net/repos/svn/tags/1.5.7/CHANGESnvd
- svn.collab.net/repos/svn/tags/1.6.4/CHANGESnvd
- svn.haxx.se/dev/archive-2009-08/0107.shtmlnvd
- svn.haxx.se/dev/archive-2009-08/0108.shtmlnvd
- svn.haxx.se/dev/archive-2009-08/0110.shtmlnvd
- www.debian.org/security/2009/dsa-1855nvd
- www.mandriva.com/security/advisoriesnvd
- www.redhat.com/support/errata/RHSA-2009-1203.htmlnvd
- www.securityfocus.com/bid/35983nvd
- www.securitytracker.com/idnvd
- www.ubuntu.com/usn/usn-812-1nvd
- www.vupen.com/english/advisories/2009/3184nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11465nvd
- www.redhat.com/archives/fedora-package-announce/2009-August/msg00469.htmlnvd
- www.redhat.com/archives/fedora-package-announce/2009-August/msg00485.htmlnvd
News mentions
0No linked articles in our index yet.