Unrated severity · NVD Advisory · Published Apr 12, 2022 · Updated Aug 3, 2024
Apache Subversion mod_dav_svn is vulnerable to memory corruption
CVE-2022-24070
Description
Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive) are affected. Servers that do not use mod_dav_svn are not affected.
Affected products (38)
1.10.0 - 1.14.1 (+ 1 more)
- (no CPE) range: 1.10.0 - 1.14.1
- (no CPE) range: 1.10.0 to 1.14.1
- osv-coords: 36 versions
>= 1.10.0, < 1.10.8 (+ 35 more)
- (no CPE) range: >= 1.10.0, < 1.10.8
References (8)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PZ4ARNGLMGYBKYDX2B7DRBNMF6EH3A6R/ (mitre, vendor-advisory, x_refsource_FEDORA)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJPMCWCGWBN3QWCDVILWQWPC75RR67LT/ (mitre, vendor-advisory, x_refsource_FEDORA)
- www.debian.org/security/2022/dsa-5119 (mitre, vendor-advisory, x_refsource_DEBIAN)
- seclists.org/fulldisclosure/2022/Jul/18 (mitre, mailing-list, x_refsource_FULLDISC)
- bz.apache.org/bugzilla/show_bug.cgi (mitre, x_refsource_MISC)
- cwiki.apache.org/confluence/display/HTTPD/ModuleLife (mitre, x_refsource_MISC)
- issues.apache.org/jira/browse/SVN-4880 (mitre, x_refsource_MISC)
- support.apple.com/kb/HT213345 (mitre, x_refsource_CONFIRM)