Vulnerability Details : CVE-2009-2411
Multiple integer overflows in the libsvn_delta library in Subversion before 1.5.7, and 1.6.x before 1.6.4, allow remote authenticated users and remote Subversion servers to execute arbitrary code via an svndiff stream with large windows that trigger a heap-based buffer overflow, a related issue to CVE-2009-2412.
Vulnerability category: Overflow, Execute code
Products affected by CVE-2009-2411
- cpe:2.3:a:subversion:subversion:*:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.1.0_rc3:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.1.0_rc1:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.1.0_rc2:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:0.36.0:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:0.34.0:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:0.28.2:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:0.28.1:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:0.23.0:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:0.22.1:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:0.33.1:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:0.33.0:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:0.28.0:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:0.27.0:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:0.35.1:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:0.35.0:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:0.31.0:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:0.30.0:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:0.29.0:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:0.24.2:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:0.24.0:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:0.37.0:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:0.32.1:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:0.32.0:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:0.25.0:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:0.24.1:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.6.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2009-2411
- EPSS score: 6.17% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~90% (the proportion of vulnerabilities scored at or below this one)
CVSS scores for CVE-2009-2411
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
8.5 | HIGH | AV:N/AC:M/Au:S/C:C/I:C/A:C | 6.8 | 10.0 | NIST | |
CWE ids for CVE-2009-2411
- Assigned by: nvd@nist.gov (Primary)
References for CVE-2009-2411
- https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00485.html ([SECURITY] Fedora 11 Update: subversion-1.6.4-2.fc11)
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:199 (Mandriva MDVSA-2009:199)
- http://secunia.com/advisories/36232 (Secunia advisory)
- http://www.vupen.com/english/advisories/2009/3184 (VUPEN advisory)
- http://www.securityfocus.com/bid/35983 (SecurityFocus BID 35983)
- http://www.redhat.com/support/errata/RHSA-2009-1203.html (Red Hat RHSA-2009-1203)
- http://svn.haxx.se/dev/archive-2009-08/0108.shtml (Subversion Dev: Subversion 1.5.7 Released)
- http://secunia.com/advisories/36257 (Secunia advisory)
- http://www.securitytracker.com/id?1022697 (SecurityTracker 1022697)
- http://svn.collab.net/repos/svn/tags/1.6.4/CHANGES (Subversion 1.6.4 CHANGES)
- http://secunia.com/advisories/36262 (Secunia advisory)
- http://secunia.com/advisories/36224 (Secunia advisory)
- http://support.apple.com/kb/HT3937 (Apple Support HT3937)
- http://svn.haxx.se/dev/archive-2009-08/0107.shtml (Subversion Dev: Subversion 1.6.4 Released)
- http://osvdb.org/56856 (OSVDB 56856)
- http://secunia.com/advisories/36184 (Secunia advisory; Vendor Advisory)
- http://svn.collab.net/repos/svn/tags/1.5.7/CHANGES (Subversion 1.5.7 CHANGES)
- http://svn.haxx.se/dev/archive-2009-08/0110.shtml (Subversion Dev: Patch to 1.4.x branch for CVE-2009-2411)
- http://archives.neohapsis.com/archives/bugtraq/2009-08/0056.html (Bugtraq archive)
- http://www.debian.org/security/2009/dsa-1855 ([SECURITY] [DSA 1855-1] New subversion packages fix arbitrary code execution)
- http://www.ubuntu.com/usn/usn-812-1 (Ubuntu USN-812-1)
- https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00469.html ([SECURITY] Fedora 10 Update: subversion-1.6.4-2.fc10)
- http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html (Apple security-announce, November 2009)
- http://www.vupen.com/english/advisories/2009/2180 (VUPEN advisory; Vendor Advisory)
- http://subversion.tigris.org/security/CVE-2009-2411-advisory.txt (Subversion project advisory for CVE-2009-2411)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11465 (OVAL definition oval:org.mitre.oval:def:11465)