{"containers": {"cna": {"affected": [{"product": "Apache Subversion", "vendor": "Apache Software Foundation", "versions": [{"status": "affected", "version": "1.10.0 to 1.14.1"}]}], "credits": [{"lang": "en", "value": "Apache Subversion would like to thank Thomas Wei\u00dfschuh, cis-solutions.eu."}], "descriptions": [{"lang": "en", "value": "Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not affected."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-07-22T05:06:35", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://issues.apache.org/jira/browse/SVN-4880"}, {"tags": ["x_refsource_MISC"], "url": "https://bz.apache.org/bugzilla/show_bug.cgi?id=65861"}, {"tags": ["x_refsource_MISC"], "url": "https://cwiki.apache.org/confluence/display/HTTPD/ModuleLife"}, {"name": "DSA-5119", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2022/dsa-5119"}, {"name": "FEDORA-2022-13cc09ecf2", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJPMCWCGWBN3QWCDVILWQWPC75RR67LT/"}, {"name": "FEDORA-2022-2af658b090", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PZ4ARNGLMGYBKYDX2B7DRBNMF6EH3A6R/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/kb/HT213345"}, {"name": "20220721 APPLE-SA-2022-07-20-2 macOS Monterey 12.5", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2022/Jul/18"}], "source": {"discovery": "UNKNOWN"}, "title": "Apache Subversion mod_dav_svn is vulnerable to memory corruption", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@apache.org", "ID": "CVE-2022-24070", "STATE": "PUBLIC", "TITLE": "Apache Subversion mod_dav_svn is vulnerable to memory corruption"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Apache Subversion", "version": {"version_data": [{"version_value": "1.10.0 to 1.14.1"}]}}]}, "vendor_name": "Apache Software Foundation"}]}}, "credit": [{"lang": "eng", "value": "Apache Subversion would like to thank Thomas Wei\u00dfschuh, cis-solutions.eu."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not affected."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": [{}], "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-416 Use After Free"}]}]}, "references": {"reference_data": [{"name": "https://issues.apache.org/jira/browse/SVN-4880", "refsource": "MISC", "url": "https://issues.apache.org/jira/browse/SVN-4880"}, {"name": "https://bz.apache.org/bugzilla/show_bug.cgi?id=65861", "refsource": "MISC", "url": "https://bz.apache.org/bugzilla/show_bug.cgi?id=65861"}, {"name": "https://cwiki.apache.org/confluence/display/HTTPD/ModuleLife", "refsource": "MISC", "url": "https://cwiki.apache.org/confluence/display/HTTPD/ModuleLife"}, {"name": "DSA-5119", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2022/dsa-5119"}, {"name": "FEDORA-2022-13cc09ecf2", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJPMCWCGWBN3QWCDVILWQWPC75RR67LT/"}, {"name": "FEDORA-2022-2af658b090", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PZ4ARNGLMGYBKYDX2B7DRBNMF6EH3A6R/"}, {"name": "https://support.apple.com/kb/HT213345", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT213345"}, {"name": "20220721 APPLE-SA-2022-07-20-2 macOS Monterey 12.5", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2022/Jul/18"}]}, "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T03:59:23.785Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://issues.apache.org/jira/browse/SVN-4880"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bz.apache.org/bugzilla/show_bug.cgi?id=65861"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://cwiki.apache.org/confluence/display/HTTPD/ModuleLife"}, {"name": "DSA-5119", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2022/dsa-5119"}, {"name": "FEDORA-2022-13cc09ecf2", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJPMCWCGWBN3QWCDVILWQWPC75RR67LT/"}, {"name": "FEDORA-2022-2af658b090", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PZ4ARNGLMGYBKYDX2B7DRBNMF6EH3A6R/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/kb/HT213345"}, {"name": "20220721 APPLE-SA-2022-07-20-2 macOS Monterey 12.5", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2022/Jul/18"}]}]}, "cveMetadata": {"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2022-24070", "datePublished": "2022-04-12T17:50:14", "dateReserved": "2022-01-27T00:00:00", "dateUpdated": "2024-08-03T03:59:23.785Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:subversion:*:*:*:*:*:*:*:*", "matchCriteriaId": "F4BB582E-958E-4729-9EB9-EEAED5314FD2", "versionEndExcluding": "1.10.8", "versionStartIncluding": "1.10.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:*:*:*:*:*:*:*:*", "matchCriteriaId": "7DBAEE04-1D22-41CB-8C32-5DDD29A42DC4", "versionEndExcluding": "1.14.2", "versionStartIncluding": "1.14.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "BFABC0C7-944C-4B46-A985-8B4F8BF93F54", "versionEndExcluding": "12.5", "versionStartIncluding": "12.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not affected."}, {"lang": "es", "value": "La funci\u00f3n mod_dav_svn de Subversion es vulnerable a una corrupci\u00f3n de memoria. Mientras buscan reglas de autorizaci\u00f3n basadas en rutas, los servidores mod_dav_svn pueden intentar usar memoria que ya ha sido liberada. Afecta a los servidores mod_dav_svn de Subversion 1.10.0 a 1.14.1 (inclusive). Los servidores que no usan mod_dav_svn no est\u00e1n afectados"}], "id": "CVE-2022-24070", "lastModified": "2024-11-21T06:49:45.943", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-04-12T18:15:09.137", "references": [{"source": "security@apache.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2022/Jul/18"}, {"source": "security@apache.org", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bz.apache.org/bugzilla/show_bug.cgi?id=65861"}, {"source": "security@apache.org", "tags": ["Vendor Advisory"], "url": "https://cwiki.apache.org/confluence/display/HTTPD/ModuleLife"}, {"source": "security@apache.org", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://issues.apache.org/jira/browse/SVN-4880"}, {"source": "security@apache.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PZ4ARNGLMGYBKYDX2B7DRBNMF6EH3A6R/"}, {"source": "security@apache.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJPMCWCGWBN3QWCDVILWQWPC75RR67LT/"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT213345"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2022/dsa-5119"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2022/Jul/18"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bz.apache.org/bugzilla/show_bug.cgi?id=65861"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://cwiki.apache.org/confluence/display/HTTPD/ModuleLife"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://issues.apache.org/jira/browse/SVN-4880"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PZ4ARNGLMGYBKYDX2B7DRBNMF6EH3A6R/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJPMCWCGWBN3QWCDVILWQWPC75RR67LT/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT213345"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2022/dsa-5119"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "security@apache.org", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Upstream acknowledges Thomas Wei\u00c3\u0178schuh (cis-solutions.eu) as the original reporter.", "affected_release": [{"advisory": "RHSA-2022:2234", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "subversion:1.10-8060020210901110943.68c8ceab", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-05-12T00:00:00Z"}, {"advisory": "RHSA-2022:4941", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "subversion:1.14-8060020210901110959.06c90725", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-06-08T00:00:00Z"}, {"advisory": "RHSA-2022:2237", "cpe": "cpe:/a:redhat:rhel_e4s:8.1", "package": "subversion:1.10-8010020220506111511.fa3af259", "product_name": "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions", "release_date": "2022-05-12T00:00:00Z"}, {"advisory": "RHSA-2022:2236", "cpe": "cpe:/a:redhat:rhel_eus:8.2", "package": "subversion:1.10-8020020220506110653.f2093e77", "product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date": "2022-05-12T00:00:00Z"}, {"advisory": "RHSA-2022:2222", "cpe": "cpe:/a:redhat:rhel_eus:8.4", "package": "subversion:1.10-8040020201106082712.e8604fa1", "product_name": "Red Hat Enterprise Linux 8.4 Extended Update Support", "release_date": "2022-05-11T00:00:00Z"}, {"advisory": "RHSA-2022:4722", "cpe": "cpe:/a:redhat:rhel_eus:8.4", "package": "subversion:1.14-8040020210210122209.491a7707", "product_name": "Red Hat Enterprise Linux 8.4 Extended Update Support", "release_date": "2022-05-24T00:00:00Z"}, {"advisory": "RHSA-2022:4591", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "subversion-0:1.14.1-5.el9_0", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2022-05-18T00:00:00Z"}], "bugzilla": {"description": "subversion: Subversion's mod_dav_svn is vulnerable to memory corruption", "id": "2074772", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2074772"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-416", "details": ["Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not affected.", "A use-after-free vulnerability was found in Subversion in the mod_dav_svn Apache HTTP server (HTTPd) module. While looking up path-based authorization (authz) rules, multiple calls to the post_config hook can invalidate cached pointers to object-pools, which Subversion subsequently uses. This issue crashes the single HTTPd worker thread or the entire HTTPd server process, depending on the configuration of the Apache HTTPd server."], "mitigation": {"lang": "en:us", "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible."}, "name": "CVE-2022-24070", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "subversion", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "subversion", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2021-11-04T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-24070\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-24070\nhttps://subversion.apache.org/security/CVE-2022-24070-advisory.txt"], "statement": "The vulnerable code was introduced in Subversion 1.10 as part of a new implementation of path-based authorization (authz). Red Hat Enterprise Linux 6 and 7 are not affected by this flaw as they ship an older version of Subversion.", "threat_severity": "Important"}