CVE-2019-0203
Published: 31 July 2019
In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a client sends certain sequences of protocol commands. This can lead to disruption for users of the server.
From the Ubuntu Security Team
Tomas Bortoli discovered that Subversion incorrectly handled certain svnserve requests. A remote attacker could possibly use this issue to cause svnserver to crash, resulting in a denial of service.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
subversion Launchpad, Ubuntu, Debian |
bionic |
Released
(1.9.7-4ubuntu1.1)
|
| disco |
Ignored
(end of life)
|
|
| eoan |
Not vulnerable
(1.10.6-1)
|
|
| focal |
Not vulnerable
(1.10.6-1)
|
|
| groovy |
Not vulnerable
(1.10.6-1)
|
|
| hirsute |
Not vulnerable
(1.10.6-1)
|
|
| impish |
Not vulnerable
(1.10.6-1)
|
|
| jammy |
Not vulnerable
(1.10.6-1)
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(1.12.2,1.10.6,1.9.12)
|
|
| xenial |
Released
(1.9.3-2ubuntu1.3)
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 7.5 |
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity impact | None |
| Availability impact | High |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |