High severity7.6NVD Advisory· Published Apr 14, 2016· Updated May 6, 2026

CVE-2015-5343

Description

Integer overflow in util.c in mod_dav_svn in Apache Subversion 1.7.x, 1.8.x before 1.8.15, and 1.9.x before 1.9.3 allows remote authenticated users to cause a denial of service (subversion server crash or memory consumption) and possibly execute arbitrary code via a skel-encoded request body, which triggers an out-of-bounds read and heap-based buffer overflow.

Affected products

Apache/Subversion
cpe:2.3:a:apache:subversion:*:*:*:*:*:*:*:*
Range: >=1.7.0,<=1.7.20
Debian/Debian Linux
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

subversion.apache.org/security/CVE-2015-5343-advisory.txtnvdVendor Advisory
www.debian.org/security/2015/dsa-3424nvdThird Party Advisory
www.securitytracker.com/id/1034470nvdThird Party AdvisoryVDB Entry
www.slackware.com/security/viewer.phpnvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.494
epss	0.019
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000