CVE-2009-2411

Published: Aug 7, 2009Modified: Apr 23, 2026

8.5

Vector

AV:N/AC:M/Au:S/C:C/I:C/A:C

Exploitability: 6.8 / Impact: 10.0

Source: NVD

Description

Multiple integer overflows in the libsvn_delta library in Subversion before 1.5.7, and 1.6.x before 1.6.4, allow remote authenticated users and remote Subversion servers to execute arbitrary code via an svndiff stream with large windows that trigger a heap-based buffer overflow, a related issue to CVE-2009-2412.

Affected (64)

Products: Subversion: Subversion

1 product

Configuration A

64 vulnerable

Vulnerable Software	Affected Versions
Subversion Subversion	Up to 1.5.6
Subversion Subversion	Version 0.22.1
Subversion Subversion	Version 0.23.0
Subversion Subversion	Version 0.24.0
Subversion Subversion	Version 0.24.1
Subversion Subversion	Version 0.24.2
Subversion Subversion	Version 0.25.0
Subversion Subversion	Version 0.27.0
Subversion Subversion	Version 0.28.0
Subversion Subversion	Version 0.28.1
Subversion Subversion	Version 0.28.2
Subversion Subversion	Version 0.29.0
Subversion Subversion	Version 0.30.0
Subversion Subversion	Version 0.31.0
Subversion Subversion	Version 0.32.0
Subversion Subversion	Version 0.32.1
Subversion Subversion	Version 0.33.0
Subversion Subversion	Version 0.33.1
Subversion Subversion	Version 0.34.0
Subversion Subversion	Version 0.35.0
Subversion Subversion	Version 0.35.1
Subversion Subversion	Version 0.36.0
Subversion Subversion	Version 0.37.0
Subversion Subversion	Version 1.0.0
Subversion Subversion	Version 1.0.1
Subversion Subversion	Version 1.0.2
Subversion Subversion	Version 1.0.3
Subversion Subversion	Version 1.0.4
Subversion Subversion	Version 1.0.5
Subversion Subversion	Version 1.0.6
Subversion Subversion	Version 1.0.7
Subversion Subversion	Version 1.0.8
Subversion Subversion	Version 1.0.9
Subversion Subversion	Version 1.0
Subversion Subversion	Version 1.1.0
Subversion Subversion	Version 1.1.0_rc1
Subversion Subversion	Version 1.1.0_rc2
Subversion Subversion	Version 1.1.0_rc3
Subversion Subversion	Version 1.1.1
Subversion Subversion	Version 1.1.2
Subversion Subversion	Version 1.1.3
Subversion Subversion	Version 1.1.4
Subversion Subversion	Version 1.2.0
Subversion Subversion	Version 1.2.1
Subversion Subversion	Version 1.2.2
Subversion Subversion	Version 1.2.3
Subversion Subversion	Version 1.3.0
Subversion Subversion	Version 1.3.1
Subversion Subversion	Version 1.3.2
Subversion Subversion	Version 1.4.0
Subversion Subversion	Version 1.4.1
Subversion Subversion	Version 1.4.2
Subversion Subversion	Version 1.4.3
Subversion Subversion	Version 1.4.4
Subversion Subversion	Version 1.4.5
Subversion Subversion	Version 1.5.0
Subversion Subversion	Version 1.5.1
Subversion Subversion	Version 1.5.3
Subversion Subversion	Version 1.5.4
Subversion Subversion	Version 1.5.5
Subversion Subversion	Version 1.6.0
Subversion Subversion	Version 1.6.1
Subversion Subversion	Version 1.6.2
Subversion Subversion	Version 1.6.3

Related CWEs

References (52)

http://archives.neohapsis.com/archives/bugtraq/2009-08/0056.html

Source: secalert@redhat.com

http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html

Source: secalert@redhat.com

http://osvdb.org/56856

Source: secalert@redhat.com

http://secunia.com/advisories/36184

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/36224

Source: secalert@redhat.com

http://secunia.com/advisories/36232

Source: secalert@redhat.com

http://secunia.com/advisories/36257

Source: secalert@redhat.com

http://secunia.com/advisories/36262

Source: secalert@redhat.com

http://subversion.tigris.org/security/CVE-2009-2411-advisory.txt

Source: secalert@redhat.com

http://support.apple.com/kb/HT3937

Source: secalert@redhat.com

http://svn.collab.net/repos/svn/tags/1.5.7/CHANGES

Source: secalert@redhat.com

http://svn.collab.net/repos/svn/tags/1.6.4/CHANGES

Source: secalert@redhat.com

http://svn.haxx.se/dev/archive-2009-08/0107.shtml

Source: secalert@redhat.com

http://svn.haxx.se/dev/archive-2009-08/0108.shtml

Source: secalert@redhat.com

http://svn.haxx.se/dev/archive-2009-08/0110.shtml

Source: secalert@redhat.com

http://www.debian.org/security/2009/dsa-1855

Source: secalert@redhat.com

http://www.mandriva.com/security/advisories?name=MDVSA-2009:199

Source: secalert@redhat.com

http://www.redhat.com/support/errata/RHSA-2009-1203.html

Source: secalert@redhat.com

http://www.securityfocus.com/bid/35983

Source: secalert@redhat.com

http://www.securitytracker.com/id?1022697

Source: secalert@redhat.com

http://www.ubuntu.com/usn/usn-812-1

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2009/2180

Source: secalert@redhat.com

Vendor Advisory

http://www.vupen.com/english/advisories/2009/3184

Source: secalert@redhat.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11465

Source: secalert@redhat.com

https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00469.html

Source: secalert@redhat.com

https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00485.html

Source: secalert@redhat.com

http://archives.neohapsis.com/archives/bugtraq/2009-08/0056.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/56856

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/36184

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/36224

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/36232

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/36257

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/36262

Source: af854a3a-2127-422b-91ae-364da2661108

http://subversion.tigris.org/security/CVE-2009-2411-advisory.txt

Source: af854a3a-2127-422b-91ae-364da2661108

http://support.apple.com/kb/HT3937

Source: af854a3a-2127-422b-91ae-364da2661108

http://svn.collab.net/repos/svn/tags/1.5.7/CHANGES

Source: af854a3a-2127-422b-91ae-364da2661108

http://svn.collab.net/repos/svn/tags/1.6.4/CHANGES

Source: af854a3a-2127-422b-91ae-364da2661108

http://svn.haxx.se/dev/archive-2009-08/0107.shtml

Source: af854a3a-2127-422b-91ae-364da2661108

http://svn.haxx.se/dev/archive-2009-08/0108.shtml

Source: af854a3a-2127-422b-91ae-364da2661108

http://svn.haxx.se/dev/archive-2009-08/0110.shtml

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2009/dsa-1855

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2009:199

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/support/errata/RHSA-2009-1203.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/35983

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id?1022697

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/usn-812-1

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2009/2180

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.vupen.com/english/advisories/2009/3184

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11465

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00469.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00485.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.