NULL Pointer Dereference Affecting subversion-gnome package, versions <0:1.10.2-4.module+el8.3.0+9645+c2a98c55

Q: How to fix?

<p>Upgrade <code>Oracle:8</code> <code>subversion-gnome</code> to version 0:1.10.2-4.module+el8.3.0+9645+c2a98c55 or higher.<br>This issue was patched in <code>ELSA-2021-0507</code>.</p>

Threat Intelligence

0.7% (81^st percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-ORACLE8-SUBVERSIONGNOME-2580506
published 10 Apr 2022
disclosed 17 Mar 2021

Report a new vulnerability Found a mistake?

Introduced: 17 Mar 2021

CVE-2020-17525 Open this link in a new tab CWE-476 Open this link in a new tab

How to fix?

Upgrade Oracle:8 subversion-gnome to version 0:1.10.2-4.module+el8.3.0+9645+c2a98c55 or higher.
This issue was patched in ELSA-2021-0507.

NVD Description

Note: Versions mentioned in the description apply only to the upstream subversion-gnome package and not the subversion-gnome package as distributed by Oracle. See How to fix? for Oracle:8 relevant fixed versions and status.

Subversion's mod_authz_svn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL. This can lead to disruption for users of the service. This issue was fixed in mod_dav_svn+mod_authz_svn servers 1.14.1 and mod_dav_svn+mod_authz_svn servers 1.10.7

References

CVSS Scores

version 3.1

Attack Vector (AV)

Network
Attack Complexity (AC)

Low
Privileges Required (PR)

None
User Interaction (UI)

None

Scope (S)

Unchanged

Confidentiality (C)

None
Integrity (I)

None
Availability (A)

High

NULL Pointer Dereference Affecting subversion-gnome package, versions <0:1.10.2-4.module+el8.3.0+9645+c2a98c55

Severity

Based on Oracle Linux security rating