3.5
CVSSv2

CVE-2010-4644

Published: 07/01/2011 Updated: 17/08/2017
CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8
VMScore: 312
Vector: AV:N/AC:M/Au:S/C:N/I:N/A:P

Vulnerability Summary

Multiple memory leaks in rev_hunt.c in Apache Subversion prior to 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.

Vulnerable Product Search on Vulmon Subscribe to Product

apache subversion 0.6

apache subversion 0.7

apache subversion 0.8

apache subversion 0.9

apache subversion 0.10.0

apache subversion 0.10.1

apache subversion 0.10.2

apache subversion 0.11.1

apache subversion 0.12.0

apache subversion 0.13.0

apache subversion 0.13.1

apache subversion 0.13.2

apache subversion 0.14.0

apache subversion 0.14.1

apache subversion 0.14.2

apache subversion 0.14.3

apache subversion 0.14.4

apache subversion 0.14.5

apache subversion 0.15

apache subversion 0.16

apache subversion 0.16.1

apache subversion 0.17.0

apache subversion 0.17.1

apache subversion 0.18.0

apache subversion 0.18.1

apache subversion 0.19.0

apache subversion 0.19.1

apache subversion 0.20.0

apache subversion 0.20.1

apache subversion 0.21.0

apache subversion 0.22.0

apache subversion 0.22.1

apache subversion 0.22.2

apache subversion 0.23.0

apache subversion 0.24.0

apache subversion 0.24.1

apache subversion 0.24.2

apache subversion 0.25.0

apache subversion 0.26.0

apache subversion 0.27.0

apache subversion 0.28.0

apache subversion 0.28.1

apache subversion 0.28.2

apache subversion 0.29.0

apache subversion 0.30.0

apache subversion 0.31.0

apache subversion 0.32.1

apache subversion 0.33.0

apache subversion 0.33.1

apache subversion 0.34.0

apache subversion 0.35.0

apache subversion 0.35.1

apache subversion 0.36.0

apache subversion 0.37.0

apache subversion 1.0.0

apache subversion 1.0.1

apache subversion 1.0.2

apache subversion 1.0.3

apache subversion 1.0.4

apache subversion 1.0.5

apache subversion 1.0.6

apache subversion 1.0.7

apache subversion 1.0.8

apache subversion 1.0.9

apache subversion 1.1.0

apache subversion 1.1.1

apache subversion 1.1.2

apache subversion 1.1.3

apache subversion 1.1.4

apache subversion 1.2.0

apache subversion 1.2.1

apache subversion 1.2.2

apache subversion 1.2.3

apache subversion 1.3.0

apache subversion 1.3.1

apache subversion 1.3.2

apache subversion 1.4.0

apache subversion 1.4.1

apache subversion 1.4.2

apache subversion 1.4.3

apache subversion 1.4.4

apache subversion 1.4.5

apache subversion 1.4.6

apache subversion 1.5.0

apache subversion 1.5.1

apache subversion 1.5.2

apache subversion 1.5.3

apache subversion 1.5.4

apache subversion 1.5.5

apache subversion 1.5.6

apache subversion 1.5.7

apache subversion 1.5.8

apache subversion 1.6.0

apache subversion 1.6.1

apache subversion 1.6.2

apache subversion 1.6.3

apache subversion 1.6.4

apache subversion 1.6.5

apache subversion 1.6.6

apache subversion 1.6.7

apache subversion 1.6.8

apache subversion 1.6.9

apache subversion 1.6.10

apache subversion 1.6.11

apache subversion 1.6.12

apache subversion 1.6.13

apache subversion

apache subversion m1

apache subversion m2

apache subversion m3

apache subversion m4\\/m5

Vendor Advisories

Debian Bug report logs - #608989 CVE-2010-4539: mod_dav_svn DoS Package: subversion; Maintainer for subversion is James McCoy <jamessan@debianorg>; Source for subversion is src:subversion (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <muehlenhoff@univentionde> Date: Wed, 5 Jan 2011 09:12:01 UTC Severity: ...
It was discovered that Subversion incorrectly handled certain ‘partial access’ privileges in rare scenarios Remote authenticated users could use this flaw to obtain sensitive information (revision properties) This issue only applied to Ubuntu 606 LTS (CVE-2007-2448) ...

References

CWE-399http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053230.htmlhttp://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.htmlhttp://mail-archives.apache.org/mod_mbox/subversion-users/201011.mbox/%3C4CD33B61.7030203@thepond.com%3Ehttp://mail-archives.apache.org/mod_mbox/www-announce/201011.mbox/%3CAANLkTi=5+NOi-Cp=fKCx6mAW-TofFVW=ikEQkXgQB8Bt@mail.gmail.com%3Ehttp://openwall.com/lists/oss-security/2011/01/02/1http://openwall.com/lists/oss-security/2011/01/04/10http://openwall.com/lists/oss-security/2011/01/04/8http://openwall.com/lists/oss-security/2011/01/05/4http://secunia.com/advisories/42780http://secunia.com/advisories/42969http://secunia.com/advisories/43115http://secunia.com/advisories/43139http://secunia.com/advisories/43346http://svn.apache.org/repos/asf/subversion/tags/1.6.15/CHANGEShttp://svn.apache.org/viewvc?view=revision&revision=1032808http://svn.haxx.se/dev/archive-2010-11/0102.shtmlhttp://www.mandriva.com/security/advisories?name=MDVSA-2011:006http://www.redhat.com/support/errata/RHSA-2011-0257.htmlhttp://www.redhat.com/support/errata/RHSA-2011-0258.htmlhttp://www.securityfocus.com/bid/45655http://www.securitytracker.com/id?1024935http://www.ubuntu.com/usn/USN-1053-1http://www.vupen.com/english/advisories/2011/0015http://www.vupen.com/english/advisories/2011/0103http://www.vupen.com/english/advisories/2011/0162http://www.vupen.com/english/advisories/2011/0264https://exchange.xforce.ibmcloud.com/vulnerabilities/64473https://www.rapid7.com/db/vulnerabilities/centos_linux-cve-2010-4539https://nvd.nist.govhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608989https://usn.ubuntu.com/1053-1/