Unrated severityNVD Advisory· Published Mar 17, 2021· Updated Feb 13, 2025
Remote unauthenticated denial-of-service in Subversion mod_authz_svn
CVE-2020-17525
Description
Subversion's mod_authz_svn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL. This can lead to disruption for users of the service. This issue was fixed in mod_dav_svn+mod_authz_svn servers 1.14.1 and mod_dav_svn+mod_authz_svn servers 1.10.7
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
32<=1.14.0, <=1.10.6 (excluding fixed versions 1.14.1 and 1.10.7)+ 1 more
- (no CPE)range: <=1.14.0, <=1.10.6 (excluding fixed versions 1.14.1 and 1.10.7)
- (no CPE)range: mod_authz_svn
- osv-coords30 versionspkg:bitnami/subversionpkg:rpm/almalinux/libserfpkg:rpm/almalinux/mod_dav_svnpkg:rpm/almalinux/subversionpkg:rpm/almalinux/subversion-develpkg:rpm/almalinux/subversion-gnomepkg:rpm/almalinux/subversion-javahlpkg:rpm/almalinux/subversion-libspkg:rpm/almalinux/subversion-perlpkg:rpm/almalinux/subversion-toolspkg:rpm/almalinux/utf8procpkg:rpm/opensuse/subversion&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/subversion&distro=openSUSE%20Tumbleweedpkg:rpm/suse/subversion&distro=SUSE%20Enterprise%20Storage%206pkg:rpm/suse/subversion&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOSpkg:rpm/suse/subversion&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/subversion&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOSpkg:rpm/suse/subversion&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSSpkg:rpm/suse/subversion&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2pkg:rpm/suse/subversion&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP2pkg:rpm/suse/subversion&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP2pkg:rpm/suse/subversion&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCLpkg:rpm/suse/subversion&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/subversion&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSSpkg:rpm/suse/subversion&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015pkg:rpm/suse/subversion&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/subversion&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/subversion&distro=SUSE%20Manager%20Proxy%204.0pkg:rpm/suse/subversion&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.0pkg:rpm/suse/subversion&distro=SUSE%20Manager%20Server%204.0
>= 1.9.0, < 1.10.7+ 29 more
- (no CPE)range: >= 1.9.0, < 1.10.7
- (no CPE)range: < 1.3.9-9.module_el8.3.0+2053+ac338b6d
- (no CPE)range: < 1.10.2-4.module_el8.5.0+73+aa7e29ed
- (no CPE)range: < 1.10.2-4.module_el8.4.0+2266+ac338b6d
- (no CPE)range: < 1.10.2-4.module_el8.5.0+73+aa7e29ed
- (no CPE)range: < 1.10.2-4.module_el8.3.0+2053+ac338b6d
- (no CPE)range: < 1.10.2-4.module_el8.3.0+2053+ac338b6d
- (no CPE)range: < 1.10.2-4.module_el8.4.0+2266+ac338b6d
- (no CPE)range: < 1.10.2-4.module_el8.3.0+2053+ac338b6d
- (no CPE)range: < 1.10.2-4.module_el8.5.0+73+aa7e29ed
- (no CPE)range: < 2.1.1-5.module_el8.4.0+2266+ac338b6d
- (no CPE)range: < 1.10.6-lp152.2.9.1
- (no CPE)range: < 1.14.1-1.11
- (no CPE)range: < 1.10.6-3.15.1
- (no CPE)range: < 1.10.6-3.15.1
- (no CPE)range: < 1.10.6-3.15.1
- (no CPE)range: < 1.10.6-3.15.1
- (no CPE)range: < 1.10.6-3.15.1
- (no CPE)range: < 1.10.6-3.15.1
- (no CPE)range: < 1.10.6-3.15.1
- (no CPE)range: < 1.10.6-3.15.1
- (no CPE)range: < 1.10.6-3.15.1
- (no CPE)range: < 1.10.6-3.15.1
- (no CPE)range: < 1.10.6-3.15.1
- (no CPE)range: < 1.10.6-3.15.1
- (no CPE)range: < 1.10.6-3.15.1
- (no CPE)range: < 1.10.6-3.3.1
- (no CPE)range: < 1.10.6-3.15.1
- (no CPE)range: < 1.10.6-3.15.1
- (no CPE)range: < 1.10.6-3.15.1
Patches
Vulnerability mechanics
References
2- lists.debian.org/debian-lts-announce/2021/05/msg00000.htmlmitremailing-listx_refsource_MLIST
- subversion.apache.org/security/CVE-2020-17525-advisory.txtmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.