CVE-2013-1845: Buffer Overflow
First published: Fri Mar 29 2013(Updated: )
It was found that Subversion's mod_dav_svn Apache HTTPD server module will use excessive amounts of memory when a large number of properties are set or deleted on a node. This can lead to a DoS. Setting or deleting a large number of properties on a node (file or directory) will result in a large amount of memory use. Due to the memory pooling behavior of Apache httpd and Subversion the completion of the request will not result in the immediate release of memory used. Repeated commits with the same properties will result in each httpd process plateauing out at some amount of memory. This could result in a Denial of Service if the system is exhausted of all available memory. Acknowledgements: Red Hat would like to thank the Apache Subversion project for reporting this issue. Upstream acknowledges Alexander Klink as the original reporter of this flaw.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/Subversion | <1.6.21 | 1.6.21 |
| redhat/Subversion | <1.7.9 | 1.7.9 |
| Apache Subversion | =1.6.0 | |
| Apache Subversion | =1.6.1 | |
| Apache Subversion | =1.6.2 | |
| Apache Subversion | =1.6.3 | |
| Apache Subversion | =1.6.4 | |
| Apache Subversion | =1.6.5 | |
| Apache Subversion | =1.6.6 | |
| Apache Subversion | =1.6.7 | |
| Apache Subversion | =1.6.8 | |
| Apache Subversion | =1.6.9 | |
| Apache Subversion | =1.6.10 | |
| Apache Subversion | =1.6.11 | |
| Apache Subversion | =1.6.12 | |
| Apache Subversion | =1.6.13 | |
| Apache Subversion | =1.6.14 | |
| Apache Subversion | =1.6.15 | |
| Apache Subversion | =1.6.16 | |
| Apache Subversion | =1.6.17 | |
| Apache Subversion | =1.6.18 | |
| Apache Subversion | =1.6.19 | |
| Apache Subversion | =1.6.20 | |
| Apache Subversion | =1.7.0 | |
| Apache Subversion | =1.7.1 | |
| Apache Subversion | =1.7.2 | |
| Apache Subversion | =1.7.3 | |
| Apache Subversion | =1.7.4 | |
| Apache Subversion | =1.7.5 | |
| Apache Subversion | =1.7.6 | |
| Apache Subversion | =1.7.7 | |
| Apache Subversion | =1.7.8 | |
| openSUSE openSUSE | =12.1 | |
| openSUSE openSUSE | =12.2 | |
| openSUSE openSUSE | =12.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-updates/2013-04/msg00095.html
- http://lists.opensuse.org/opensuse-updates/2013-06/msg00069.html
- http://mail-archives.apache.org/mod_mbox/subversion-announce/201304.mbox/%3CCADkdwvRoyVrZV12tgC0FMGrc6%2BMisd3qTcZ%2BDdpFGgTahkgAkQ%40mail.gmail.com%3E
- http://mail-archives.apache.org/mod_mbox/subversion-announce/201304.mbox/%3CCADkdwvSTMLbn4q_KM3Ph2UOeSiPGhEK4%3DSvwEjaHW_GUGkYWPQ%40mail.gmail.com%3E
- http://rhn.redhat.com/errata/RHSA-2013-0737.html
- http://subversion.apache.org/security/CVE-2013-1845-advisory.txt
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:153
- http://www.ubuntu.com/usn/USN-1893-1
- https://bugzilla.redhat.com/show_bug.cgi?id=929082
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18973
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=717966&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=717966&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=717967&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=717967&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=948813
- https://rhn.redhat.com/errata/RHSA-2013-0737.html
- agent/references
- agent/type
- agent/first-publish-date
- agent/author
- agent/severity
- agent/weakness
- agent/description
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2013-1845
- agent/software-canonical-lookup
- agent/tags
- agent/event
- vendor/apache
- canonical/apache subversion
- version/apache subversion/1.6.0
- version/apache subversion/1.6.1
- version/apache subversion/1.6.2
- version/apache subversion/1.6.3
- version/apache subversion/1.6.4
- version/apache subversion/1.6.5
- version/apache subversion/1.6.6
- version/apache subversion/1.6.7
- version/apache subversion/1.6.8
- version/apache subversion/1.6.9
- version/apache subversion/1.6.10
- version/apache subversion/1.6.11
- version/apache subversion/1.6.12
- version/apache subversion/1.6.13
- version/apache subversion/1.6.14
- version/apache subversion/1.6.15
- version/apache subversion/1.6.16
- version/apache subversion/1.6.17
- version/apache subversion/1.6.18
- version/apache subversion/1.6.19
- version/apache subversion/1.6.20
- version/apache subversion/1.7.0
- version/apache subversion/1.7.1
- version/apache subversion/1.7.2
- version/apache subversion/1.7.3
- version/apache subversion/1.7.4
- version/apache subversion/1.7.5
- version/apache subversion/1.7.6
- version/apache subversion/1.7.7
- version/apache subversion/1.7.8
- vendor/opensuse
- canonical/opensuse opensuse
- version/opensuse opensuse/12.1
- version/opensuse opensuse/12.2
- version/opensuse opensuse/12.3
- package-manager/redhat