{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-08-06T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple integer overflows in the libsvn_delta library in Subversion before 1.5.7, and 1.6.x before 1.6.4, allow remote authenticated users and remote Subversion servers to execute arbitrary code via an svndiff stream with large windows that trigger a heap-based buffer overflow, a related issue to CVE-2009-2412."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-18T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "[dev] 20090806 Subversion 1.5.7 Released", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://svn.haxx.se/dev/archive-2009-08/0108.shtml"}, {"name": "1022697", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1022697"}, {"name": "ADV-2009-2180", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/2180"}, {"name": "20090807 Subversion heap overflow", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://archives.neohapsis.com/archives/bugtraq/2009-08/0056.html"}, {"name": "36262", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/36262"}, {"name": "36257", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/36257"}, {"name": "36184", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/36184"}, {"name": "USN-812-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/usn-812-1"}, {"name": "DSA-1855", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2009/dsa-1855"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://subversion.tigris.org/security/CVE-2009-2411-advisory.txt"}, {"name": "36224", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/36224"}, {"name": "35983", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/35983"}, {"name": "[dev] 20090806 Subversion 1.6.4 Released", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://svn.haxx.se/dev/archive-2009-08/0107.shtml"}, {"name": "FEDORA-2009-8449", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00485.html"}, {"name": "[dev] 20090806 Patch to 1.4.x branch for CVE-2009-2411", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://svn.haxx.se/dev/archive-2009-08/0110.shtml"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://svn.collab.net/repos/svn/tags/1.6.4/CHANGES"}, {"name": "RHSA-2009:1203", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2009-1203.html"}, {"name": "36232", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/36232"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://svn.collab.net/repos/svn/tags/1.5.7/CHANGES"}, {"name": "ADV-2009-3184", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/3184"}, {"name": "MDVSA-2009:199", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:199"}, {"name": "oval:org.mitre.oval:def:11465", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11465"}, {"name": "56856", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/56856"}, {"name": "APPLE-SA-2009-11-09-1", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.apple.com/kb/HT3937"}, {"name": "FEDORA-2009-8432", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00469.html"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T05:52:15.197Z"}, "title": "CVE Program Container", "references": [{"name": "[dev] 20090806 Subversion 1.5.7 Released", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://svn.haxx.se/dev/archive-2009-08/0108.shtml"}, {"name": "1022697", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1022697"}, {"name": "ADV-2009-2180", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/2180"}, {"name": "20090807 Subversion heap overflow", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://archives.neohapsis.com/archives/bugtraq/2009-08/0056.html"}, {"name": "36262", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/36262"}, {"name": "36257", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/36257"}, {"name": "36184", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/36184"}, {"name": "USN-812-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/usn-812-1"}, {"name": "DSA-1855", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2009/dsa-1855"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://subversion.tigris.org/security/CVE-2009-2411-advisory.txt"}, {"name": "36224", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/36224"}, {"name": "35983", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/35983"}, {"name": "[dev] 20090806 Subversion 1.6.4 Released", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://svn.haxx.se/dev/archive-2009-08/0107.shtml"}, {"name": "FEDORA-2009-8449", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00485.html"}, {"name": "[dev] 20090806 Patch to 1.4.x branch for CVE-2009-2411", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://svn.haxx.se/dev/archive-2009-08/0110.shtml"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://svn.collab.net/repos/svn/tags/1.6.4/CHANGES"}, {"name": "RHSA-2009:1203", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2009-1203.html"}, {"name": "36232", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/36232"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://svn.collab.net/repos/svn/tags/1.5.7/CHANGES"}, {"name": "ADV-2009-3184", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/3184"}, {"name": "MDVSA-2009:199", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:199"}, {"name": "oval:org.mitre.oval:def:11465", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11465"}, {"name": "56856", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/56856"}, {"name": "APPLE-SA-2009-11-09-1", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.apple.com/kb/HT3937"}, {"name": "FEDORA-2009-8432", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00469.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2009-2411", "datePublished": "2009-08-07T19:00:00", "dateReserved": "2009-07-09T00:00:00", "dateUpdated": "2024-08-07T05:52:15.197Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:subversion:subversion:*:*:*:*:*:*:*:*", "matchCriteriaId": "0434A631-5531-4C32-B5C5-730CA1890441", "versionEndIncluding": "1.5.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:subversion:subversion:0.22.1:*:*:*:*:*:*:*", "matchCriteriaId": "46EA6517-6361-449E-8A50-3E8706A71211", "vulnerable": true}, {"criteria": "cpe:2.3:a:subversion:subversion:0.23.0:*:*:*:*:*:*:*", "matchCriteriaId": "473B6660-AED8-4805-A48F-F4A18A4AB94F", "vulnerable": true}, {"criteria": "cpe:2.3:a:subversion:subversion:0.24.0:*:*:*:*:*:*:*", "matchCriteriaId": "0F087A7F-7D7D-4377-B7CD-FC0775A33568", "vulnerable": true}, {"criteria": "cpe:2.3:a:subversion:subversion:0.24.1:*:*:*:*:*:*:*", "matchCriteriaId": "00E49F61-BC1D-4B0F-859F-89C331DA0E39", "vulnerable": true}, {"criteria": "cpe:2.3:a:subversion:subversion:0.24.2:*:*:*:*:*:*:*", "matchCriteriaId": "D44285DE-6FD7-4B0D-9715-1E6D31FAB6BC", "vulnerable": true}, {"criteria": "cpe:2.3:a:subversion:subversion:0.25.0:*:*:*:*:*:*:*", "matchCriteriaId": "0D18EA18-8EB3-4924-B428-A4D329A87C8B", "vulnerable": true}, {"criteria": "cpe:2.3:a:subversion:subversion:0.27.0:*:*:*:*:*:*:*", "matchCriteriaId": "48BB82A4-223F-43E3-8EE2-BA6276F51A1A", "vulnerable": true}, {"criteria": "cpe:2.3:a:subversion:subversion:0.28.0:*:*:*:*:*:*:*", "matchCriteriaId": "DE0D2D18-5141-4070-9390-2027967CBD4E", "vulnerable": true}, {"criteria": "cpe:2.3:a:subversion:subversion:0.28.1:*:*:*:*:*:*:*", "matchCriteriaId": "07F3F14A-AD74-4318-A830-08DED8189E7D", "vulnerable": true}, {"criteria": "cpe:2.3:a:subversion:subversion:0.28.2:*:*:*:*:*:*:*", "matchCriteriaId": "56ADDE86-635F-4F24-A320-CBBE076BA182", "vulnerable": true}, {"criteria": "cpe:2.3:a:subversion:subversion:0.29.0:*:*:*:*:*:*:*", "matchCriteriaId": "56AD9198-B051-4E0E-9B0B-CE99346EFF05", "vulnerable": true}, {"criteria": "cpe:2.3:a:subversion:subversion:0.30.0:*:*:*:*:*:*:*", "matchCriteriaId": "A81E5045-969D-4064-A7DB-9F902D600251", "vulnerable": true}, {"criteria": "cpe:2.3:a:subversion:subversion:0.31.0:*:*:*:*:*:*:*", "matchCriteriaId": "61B5A517-AAD4-44AE-8B1B-F1BA3F9C21B8", "vulnerable": true}, {"criteria": "cpe:2.3:a:subversion:subversion:0.32.0:*:*:*:*:*:*:*", "matchCriteriaId": "5342EE15-7AAD-4666-BEFB-172A7CE5BC96", "vulnerable": true}, {"criteria": "cpe:2.3:a:subversion:subversion:0.32.1:*:*:*:*:*:*:*", "matchCriteriaId": "71AD1DC9-1BEA-4C81-A4EF-B78B2344C65E", "vulnerable": true}, {"criteria": "cpe:2.3:a:subversion:subversion:0.33.0:*:*:*:*:*:*:*", "matchCriteriaId": "01A71B55-7F08-40BD-A60E-4EF679388B1F", "vulnerable": true}, {"criteria": "cpe:2.3:a:subversion:subversion:0.33.1:*:*:*:*:*:*:*", "matchCriteriaId": "39AA93C8-0CC1-46D0-8B67-2A3846BBDA45", "vulnerable": true}, {"criteria": "cpe:2.3:a:subversion:subversion:0.34.0:*:*:*:*:*:*:*", "matchCriteriaId": "DFC08C9E-DC76-4F5E-9CA2-7952CC332EB2", "vulnerable": true}, {"criteria": "cpe:2.3:a:subversion:subversion:0.35.0:*:*:*:*:*:*:*", "matchCriteriaId": "8BB20C00-C6D6-4175-B659-018C4F4A1167", "vulnerable": true}, {"criteria": "cpe:2.3:a:subversion:subversion:0.35.1:*:*:*:*:*:*:*", "matchCriteriaId": "139E706E-202C-45B4-A5E3-2CDEEA14E20B", "vulnerable": true}, {"criteria": "cpe:2.3:a:subversion:subversion:0.36.0:*:*:*:*:*:*:*", "matchCriteriaId": "EF79BC49-E4CD-4DCA-860F-A27F0371D4B1", "vulnerable": true}, {"criteria": "cpe:2.3:a:subversion:subversion:0.37.0:*:*:*:*:*:*:*", "matchCriteriaId": "6C12BDC3-6B07-47DD-96C8-1FA9F4B7BFE2", "vulnerable": true}, {"criteria": "cpe:2.3:a:subversion:subversion:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "4F10E314-3897-4A63-AE40-F4E34C3F0BFA", "vulnerable": true}, {"criteria": "cpe:2.3:a:subversion:subversion:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "DD801B94-DBE2-4A65-9428-8D4FC581866A", "vulnerable": true}, {"criteria": "cpe:2.3:a:subversion:subversion:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "47B95A69-2535-4844-B819-082D4349708C", "vulnerable": true}, {"criteria": "cpe:2.3:a:subversion:subversion:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "930953B4-E972-48FB-913B-169E91F93FD6", "vulnerable": true}, {"criteria": "cpe:2.3:a:subversion:subversion:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "6B41D875-F515-4A3F-9AA5-79BD09F74C30", "vulnerable": true}, {"criteria": "cpe:2.3:a:subversion:subversion:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3A8CCC20-8986-4028-B125-66F371A4A1D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:subversion:subversion:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E07F13C-A6FC-49E8-B10E-E4FC1F182DA5", "vulnerable": true}, {"criteria": "cpe:2.3:a:subversion:subversion:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "04AB9C70-10CB-460B-91AD-1D79C9153194", "vulnerable": true}, {"criteria": "cpe:2.3:a:subversion:subversion:1.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "E1E718DB-2A79-4277-BA15-6E6A904E483A", "vulnerable": true}, {"criteria": "cpe:2.3:a:subversion:subversion:1.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "9E10F1DA-64E9-4567-8727-3AE8A6788A23", "vulnerable": true}, {"criteria": "cpe:2.3:a:subversion:subversion:1.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "3A8CED53-EC94-480C-BCBD-EE045F0AA2A4", "vulnerable": true}, {"criteria": "cpe:2.3:a:subversion:subversion:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "27FC24BB-5BF3-4A25-A5C0-F5A224736F77", "vulnerable": true}, {"criteria": "cpe:2.3:a:subversion:subversion:1.1.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "286B7EBD-D663-440C-859B-1E0EE839AEB9", "vulnerable": true}, {"criteria": "cpe:2.3:a:subversion:subversion:1.1.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "408EC889-4D8B-49FC-9281-AC85559BB774", "vulnerable": true}, {"criteria": "cpe:2.3:a:subversion:subversion:1.1.0_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "F1E2A83E-A244-4F1E-85E9-6EA075D32C5B", "vulnerable": true}, {"criteria": "cpe:2.3:a:subversion:subversion:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "212AC756-866F-43F6-9659-61554824B884", "vulnerable": true}, {"criteria": "cpe:2.3:a:subversion:subversion:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "B612E0A1-C0F8-4E69-B32C-356ADE7F82E2", "vulnerable": true}, {"criteria": "cpe:2.3:a:subversion:subversion:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "19B8E241-9E28-4627-8FBB-18CF5D12B11C", "vulnerable": true}, {"criteria": "cpe:2.3:a:subversion:subversion:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "C3D528D6-37F5-40D0-BAF2-CCA214862C19", "vulnerable": true}, {"criteria": "cpe:2.3:a:subversion:subversion:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "6E73FF73-1F94-4657-83E2-375311A94440", "vulnerable": true}, {"criteria": "cpe:2.3:a:subversion:subversion:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "F2FAC312-66F0-4C9E-95DF-0C61F07A834D", "vulnerable": true}, {"criteria": "cpe:2.3:a:subversion:subversion:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "CC9E80F6-728C-4474-AB90-23DF119E83DA", "vulnerable": true}, {"criteria": "cpe:2.3:a:subversion:subversion:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "051434CF-6B62-4C29-B71A-C8800F048A07", "vulnerable": true}, {"criteria": "cpe:2.3:a:subversion:subversion:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "339A1BAC-F631-4355-9889-CE5EAC2FCB46", "vulnerable": true}, {"criteria": "cpe:2.3:a:subversion:subversion:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "72315FB6-EDB2-43AB-9DA8-E27118C84C08", "vulnerable": true}, {"criteria": "cpe:2.3:a:subversion:subversion:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "6C099833-CC13-47DD-9E6A-E10BF8103401", "vulnerable": true}, {"criteria": "cpe:2.3:a:subversion:subversion:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "EAF74121-52AC-4EA8-9B51-BA68ED766ABC", "vulnerable": true}, {"criteria": "cpe:2.3:a:subversion:subversion:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "DC6B791F-2DB2-4428-80DB-3203FD8868ED", "vulnerable": true}, {"criteria": "cpe:2.3:a:subversion:subversion:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "BE0754E5-044C-445B-846F-1B7C7664F6BC", "vulnerable": true}, {"criteria": "cpe:2.3:a:subversion:subversion:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "0D938FBF-02E3-4713-A7DB-7C552C65471C", "vulnerable": true}, {"criteria": "cpe:2.3:a:subversion:subversion:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "8A882A7B-5E03-4FC4-A92E-3681C67A0CA6", "vulnerable": true}, {"criteria": "cpe:2.3:a:subversion:subversion:1.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "4AF0C2C6-5FC0-4FB2-B31C-B9174789F904", "vulnerable": true}, {"criteria": "cpe:2.3:a:subversion:subversion:1.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "B3D435D7-F523-4B8B-988F-37F85DA7ECCB", "vulnerable": true}, {"criteria": "cpe:2.3:a:subversion:subversion:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "B5CCBE47-1BD4-494A-8B9B-CB062F9741B2", "vulnerable": true}, {"criteria": "cpe:2.3:a:subversion:subversion:1.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "457BD304-23A2-4FB4-AE9F-9F462DC27DD2", "vulnerable": true}, {"criteria": "cpe:2.3:a:subversion:subversion:1.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "7899D782-7544-4113-AE78-B724689EDC74", "vulnerable": true}, {"criteria": "cpe:2.3:a:subversion:subversion:1.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "85E5887A-A560-40AA-96D4-45D65D9A9C16", "vulnerable": true}, {"criteria": "cpe:2.3:a:subversion:subversion:1.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "C461DA24-27D3-44C6-A5A3-17716616C696", "vulnerable": true}, {"criteria": "cpe:2.3:a:subversion:subversion:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "2FBF9A45-958C-4C65-B8AE-A7214D6A6922", "vulnerable": true}, {"criteria": "cpe:2.3:a:subversion:subversion:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "3DE31846-6A08-47D5-8D20-D627DED5D8E4", "vulnerable": true}, {"criteria": "cpe:2.3:a:subversion:subversion:1.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "45B6D800-A4A5-4835-941C-31C3FD00D5F9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple integer overflows in the libsvn_delta library in Subversion before 1.5.7, and 1.6.x before 1.6.4, allow remote authenticated users and remote Subversion servers to execute arbitrary code via an svndiff stream with large windows that trigger a heap-based buffer overflow, a related issue to CVE-2009-2412."}, {"lang": "es", "value": "M\u00faltiples desbordamientos de entero en la biblioteca libsvn_delta en Subversion anterior a v1.5.7 y v1.6.x anterior a v1.6.4, permite a los usuarios remotos autenticados y a los servidores Subversion remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un flujo (stream) svndiff con grandes ventanas que desencadenan un desbordamiento de b\u00fafer basado en memoria din\u00e1mica, una cuesti\u00f3n relacionada con CVE-2009-2412."}], "id": "CVE-2009-2411", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 8.5, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-08-07T19:30:00.297", "references": [{"source": "secalert@redhat.com", "url": "http://archives.neohapsis.com/archives/bugtraq/2009-08/0056.html"}, {"source": "secalert@redhat.com", "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"}, {"source": "secalert@redhat.com", "url": "http://osvdb.org/56856"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/36184"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/36224"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/36232"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/36257"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/36262"}, {"source": "secalert@redhat.com", "url": "http://subversion.tigris.org/security/CVE-2009-2411-advisory.txt"}, {"source": "secalert@redhat.com", "url": "http://support.apple.com/kb/HT3937"}, {"source": "secalert@redhat.com", "url": "http://svn.collab.net/repos/svn/tags/1.5.7/CHANGES"}, {"source": "secalert@redhat.com", "url": "http://svn.collab.net/repos/svn/tags/1.6.4/CHANGES"}, {"source": "secalert@redhat.com", "url": "http://svn.haxx.se/dev/archive-2009-08/0107.shtml"}, {"source": "secalert@redhat.com", "url": "http://svn.haxx.se/dev/archive-2009-08/0108.shtml"}, {"source": "secalert@redhat.com", "url": "http://svn.haxx.se/dev/archive-2009-08/0110.shtml"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2009/dsa-1855"}, {"source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:199"}, {"source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2009-1203.html"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/35983"}, {"source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id?1022697"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/usn-812-1"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2009/2180"}, {"source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2009/3184"}, {"source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11465"}, {"source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00469.html"}, {"source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00485.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2009-08/0056.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/56856"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/36184"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/36224"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/36232"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/36257"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/36262"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://subversion.tigris.org/security/CVE-2009-2411-advisory.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.apple.com/kb/HT3937"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://svn.collab.net/repos/svn/tags/1.5.7/CHANGES"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://svn.collab.net/repos/svn/tags/1.6.4/CHANGES"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://svn.haxx.se/dev/archive-2009-08/0107.shtml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://svn.haxx.se/dev/archive-2009-08/0108.shtml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://svn.haxx.se/dev/archive-2009-08/0110.shtml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2009/dsa-1855"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:199"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2009-1203.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/35983"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1022697"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-812-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2009/2180"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2009/3184"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11465"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00469.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00485.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-189"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2009:1203", "cpe": "cpe:/o:redhat:enterprise_linux:4", "package": "subversion-0:1.1.4-3.el4_8.2", "product_name": "Red Hat Enterprise Linux 4", "release_date": "2009-08-10T00:00:00Z"}, {"advisory": "RHSA-2009:1203", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "subversion-0:1.4.2-4.el5_3.1", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2009-08-10T00:00:00Z"}], "bugzilla": {"description": "subversion: multiple heap overflow issues", "id": "514744", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=514744"}, "csaw": false, "cvss": {"cvss_base_score": "6.5", "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "status": "verified"}, "details": ["Multiple integer overflows in the libsvn_delta library in Subversion before 1.5.7, and 1.6.x before 1.6.4, allow remote authenticated users and remote Subversion servers to execute arbitrary code via an svndiff stream with large windows that trigger a heap-based buffer overflow, a related issue to CVE-2009-2412."], "name": "CVE-2009-2411", "public_date": "2009-08-03T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2009-2411\nhttps://nvd.nist.gov/vuln/detail/CVE-2009-2411"], "threat_severity": "Important"}