Vulnerability-Lookup

CVE-2009-2411 (GCVE-0-2009-2411)

Vulnerability from cvelistv5 – Published: 2009-08-07 19:00 – Updated: 2024-08-07 05:52

Summary

Multiple integer overflows in the libsvn_delta library in Subversion before 1.5.7, and 1.6.x before 1.6.4, allow remote authenticated users and remote Subversion servers to execute arbitrary code via an svndiff stream with large windows that trigger a heap-based buffer overflow, a related issue to CVE-2009-2412.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	http://svn.haxx.se/dev/archive-2009-08/0108.shtml	mailing-listx_refsource_MLIST
	http://www.securitytracker.com/id?1022697	vdb-entryx_refsource_SECTRACK
	http://www.vupen.com/english/advisories/2009/2180	vdb-entryx_refsource_VUPEN
	http://archives.neohapsis.com/archives/bugtraq/20…	mailing-listx_refsource_BUGTRAQ
	http://secunia.com/advisories/36262	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/36257	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/36184	third-party-advisoryx_refsource_SECUNIA
	http://www.ubuntu.com/usn/usn-812-1	vendor-advisoryx_refsource_UBUNTU
	http://www.debian.org/security/2009/dsa-1855	vendor-advisoryx_refsource_DEBIAN
	http://subversion.tigris.org/security/CVE-2009-24…	x_refsource_CONFIRM
	http://secunia.com/advisories/36224	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/bid/35983	vdb-entryx_refsource_BID
	http://svn.haxx.se/dev/archive-2009-08/0107.shtml	mailing-listx_refsource_MLIST
	https://www.redhat.com/archives/fedora-package-an…	vendor-advisoryx_refsource_FEDORA
	http://svn.haxx.se/dev/archive-2009-08/0110.shtml	mailing-listx_refsource_MLIST
	http://svn.collab.net/repos/svn/tags/1.6.4/CHANGES	x_refsource_CONFIRM
	http://www.redhat.com/support/errata/RHSA-2009-12…	vendor-advisoryx_refsource_REDHAT
	http://secunia.com/advisories/36232	third-party-advisoryx_refsource_SECUNIA
	http://svn.collab.net/repos/svn/tags/1.5.7/CHANGES	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2009/3184	vdb-entryx_refsource_VUPEN
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://osvdb.org/56856	vdb-entryx_refsource_OSVDB
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	http://support.apple.com/kb/HT3937	x_refsource_CONFIRM
	https://www.redhat.com/archives/fedora-package-an…	vendor-advisoryx_refsource_FEDORA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:52:15.197Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[dev] 20090806 Subversion 1.5.7 Released",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://svn.haxx.se/dev/archive-2009-08/0108.shtml"
          },
          {
            "name": "1022697",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1022697"
          },
          {
            "name": "ADV-2009-2180",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/2180"
          },
          {
            "name": "20090807 Subversion heap overflow",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2009-08/0056.html"
          },
          {
            "name": "36262",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36262"
          },
          {
            "name": "36257",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36257"
          },
          {
            "name": "36184",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36184"
          },
          {
            "name": "USN-812-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-812-1"
          },
          {
            "name": "DSA-1855",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2009/dsa-1855"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://subversion.tigris.org/security/CVE-2009-2411-advisory.txt"
          },
          {
            "name": "36224",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36224"
          },
          {
            "name": "35983",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/35983"
          },
          {
            "name": "[dev] 20090806 Subversion 1.6.4 Released",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://svn.haxx.se/dev/archive-2009-08/0107.shtml"
          },
          {
            "name": "FEDORA-2009-8449",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00485.html"
          },
          {
            "name": "[dev] 20090806 Patch to 1.4.x branch for CVE-2009-2411",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://svn.haxx.se/dev/archive-2009-08/0110.shtml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.collab.net/repos/svn/tags/1.6.4/CHANGES"
          },
          {
            "name": "RHSA-2009:1203",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2009-1203.html"
          },
          {
            "name": "36232",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36232"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.collab.net/repos/svn/tags/1.5.7/CHANGES"
          },
          {
            "name": "ADV-2009-3184",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3184"
          },
          {
            "name": "MDVSA-2009:199",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:199"
          },
          {
            "name": "oval:org.mitre.oval:def:11465",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11465"
          },
          {
            "name": "56856",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/56856"
          },
          {
            "name": "APPLE-SA-2009-11-09-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT3937"
          },
          {
            "name": "FEDORA-2009-8432",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00469.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-08-06T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple integer overflows in the libsvn_delta library in Subversion before 1.5.7, and 1.6.x before 1.6.4, allow remote authenticated users and remote Subversion servers to execute arbitrary code via an svndiff stream with large windows that trigger a heap-based buffer overflow, a related issue to CVE-2009-2412."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-18T12:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[dev] 20090806 Subversion 1.5.7 Released",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://svn.haxx.se/dev/archive-2009-08/0108.shtml"
        },
        {
          "name": "1022697",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1022697"
        },
        {
          "name": "ADV-2009-2180",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/2180"
        },
        {
          "name": "20090807 Subversion heap overflow",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2009-08/0056.html"
        },
        {
          "name": "36262",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36262"
        },
        {
          "name": "36257",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36257"
        },
        {
          "name": "36184",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36184"
        },
        {
          "name": "USN-812-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-812-1"
        },
        {
          "name": "DSA-1855",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2009/dsa-1855"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://subversion.tigris.org/security/CVE-2009-2411-advisory.txt"
        },
        {
          "name": "36224",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36224"
        },
        {
          "name": "35983",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/35983"
        },
        {
          "name": "[dev] 20090806 Subversion 1.6.4 Released",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://svn.haxx.se/dev/archive-2009-08/0107.shtml"
        },
        {
          "name": "FEDORA-2009-8449",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00485.html"
        },
        {
          "name": "[dev] 20090806 Patch to 1.4.x branch for CVE-2009-2411",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://svn.haxx.se/dev/archive-2009-08/0110.shtml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.collab.net/repos/svn/tags/1.6.4/CHANGES"
        },
        {
          "name": "RHSA-2009:1203",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2009-1203.html"
        },
        {
          "name": "36232",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36232"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.collab.net/repos/svn/tags/1.5.7/CHANGES"
        },
        {
          "name": "ADV-2009-3184",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3184"
        },
        {
          "name": "MDVSA-2009:199",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:199"
        },
        {
          "name": "oval:org.mitre.oval:def:11465",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11465"
        },
        {
          "name": "56856",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/56856"
        },
        {
          "name": "APPLE-SA-2009-11-09-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT3937"
        },
        {
          "name": "FEDORA-2009-8432",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00469.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2009-2411",
    "datePublished": "2009-08-07T19:00:00.000Z",
    "dateReserved": "2009-07-09T00:00:00.000Z",
    "dateUpdated": "2024-08-07T05:52:15.197Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2009-AVI-487

Vulnerability from certfr_avis - Published: 2009-11-10 - Updated: 2009-11-10

De multiples vulnérabilités dans Apple MacOS X permettent entre autres l'exécution de code arbitraire à distance.

Description

L'éditeur Apple a publié un ensemble de correctifs pour les applications livrées avec son système d'exploitation Mac OS X. L'exploitation des vulnérabilités par une personne malintentionnée pourrait permettre, entre autres, l'exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	macOS	Mac OS X 10.5 ;
Apple	macOS	Mac OS X 10.6 ;
Apple	macOS	Mac OS X Server 10.5 ;
Apple	macOS	Mac OS X Server 10.6.

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT3937 du 09 novembre 2009

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mac OS X 10.5 ;",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X 10.6 ;",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X Server 10.5 ;",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X Server 10.6.",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nL\u0027\u00e9diteur Apple a publi\u00e9 un ensemble de correctifs pour les applications\nlivr\u00e9es avec son syst\u00e8me d\u0027exploitation Mac OS X. L\u0027exploitation des\nvuln\u00e9rabilit\u00e9s par une personne malintentionn\u00e9e pourrait permettre,\nentre autres, l\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-2832",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2832"
    },
    {
      "name": "CVE-2009-3293",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3293"
    },
    {
      "name": "CVE-2009-2820",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2820"
    },
    {
      "name": "CVE-2009-1890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1890"
    },
    {
      "name": "CVE-2009-3292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3292"
    },
    {
      "name": "CVE-2009-2839",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2839"
    },
    {
      "name": "CVE-2009-2825",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2825"
    },
    {
      "name": "CVE-2009-2810",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2810"
    },
    {
      "name": "CVE-2009-2411",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2411"
    },
    {
      "name": "CVE-2009-2408",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2408"
    },
    {
      "name": "CVE-2009-2416",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2416"
    },
    {
      "name": "CVE-2009-2798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2798"
    },
    {
      "name": "CVE-2007-6698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6698"
    },
    {
      "name": "CVE-2009-2833",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2833"
    },
    {
      "name": "CVE-2009-2203",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2203"
    },
    {
      "name": "CVE-2009-2823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2823"
    },
    {
      "name": "CVE-2009-2840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2840"
    },
    {
      "name": "CVE-2009-2824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2824"
    },
    {
      "name": "CVE-2009-2819",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2819"
    },
    {
      "name": "CVE-2009-1891",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1891"
    },
    {
      "name": "CVE-2009-0023",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0023"
    },
    {
      "name": "CVE-2009-2838",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2838"
    },
    {
      "name": "CVE-2009-1632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1632"
    },
    {
      "name": "CVE-2009-2818",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2818"
    },
    {
      "name": "CVE-2009-1956",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1956"
    },
    {
      "name": "CVE-2007-5707",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5707"
    },
    {
      "name": "CVE-2008-0658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0658"
    },
    {
      "name": "CVE-2009-2412",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2412"
    },
    {
      "name": "CVE-2009-1195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1195"
    },
    {
      "name": "CVE-2009-1191",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1191"
    },
    {
      "name": "CVE-2009-2808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2808"
    },
    {
      "name": "CVE-2009-2830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2830"
    },
    {
      "name": "CVE-2008-5161",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5161"
    },
    {
      "name": "CVE-2009-3111",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3111"
    },
    {
      "name": "CVE-2009-2829",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2829"
    },
    {
      "name": "CVE-2009-2826",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2826"
    },
    {
      "name": "CVE-2009-2414",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2414"
    },
    {
      "name": "CVE-2009-2285",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2285"
    },
    {
      "name": "CVE-2009-3291",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3291"
    },
    {
      "name": "CVE-2009-2837",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2837"
    },
    {
      "name": "CVE-2009-2409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2409"
    },
    {
      "name": "CVE-2009-2836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2836"
    },
    {
      "name": "CVE-2009-2799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2799"
    },
    {
      "name": "CVE-2009-1574",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1574"
    },
    {
      "name": "CVE-2009-2835",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2835"
    },
    {
      "name": "CVE-2009-2831",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2831"
    },
    {
      "name": "CVE-2009-3235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3235"
    },
    {
      "name": "CVE-2009-1955",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1955"
    },
    {
      "name": "CVE-2009-2828",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2828"
    },
    {
      "name": "CVE-2009-2202",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2202"
    }
  ],
  "initial_release_date": "2009-11-10T00:00:00",
  "last_revision_date": "2009-11-10T00:00:00",
  "links": [],
  "reference": "CERTA-2009-AVI-487",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-11-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s dans Apple MacOS X permettent entre autres\nl\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple MacOS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT3937 du 09 novembre 2009",
      "url": "http://docs.info.apple.com/article.html?artnum=HT3937"
    }
  ]
}

CERTA-2009-AVI-320

Vulnerability from certfr_avis - Published: 2009-08-11 - Updated: 2009-08-11

De multiples vulnérabilités dans Subversion permettent d'exécuter du code arbitraire à distance.

Description

De multiples débordements de mémoire ont été découverts dans Subversion. La bibliothèque libsvn_delta n'effectue pas suffisamment de validations des flux, ce qui peut être exploité pour exécuter du code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	N/A	N/A	clients et serveurs Subversion versions 1.6.0 à 1.6.3 (incluses).
	N/A	N/A	Clients et serveurs Subversion versions 1.5.6 et antérieures ;

References

Title

Publication Time

Tags

Bulletin de sécurité Subversion

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "clients et serveurs Subversion versions 1.6.0 \u00e0 1.6.3 (incluses).",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Clients et serveurs Subversion versions 1.5.6 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples d\u00e9bordements de m\u00e9moire ont \u00e9t\u00e9 d\u00e9couverts dans Subversion.\nLa biblioth\u00e8que libsvn_delta n\u0027effectue pas suffisamment de validations\ndes flux, ce qui peut \u00eatre exploit\u00e9 pour ex\u00e9cuter du code arbitraire \u00e0\ndistance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-2411",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2411"
    },
    {
      "name": "CVE-2009-2412",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2412"
    }
  ],
  "initial_release_date": "2009-08-11T00:00:00",
  "last_revision_date": "2009-08-11T00:00:00",
  "links": [],
  "reference": "CERTA-2009-AVI-320",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-08-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s dans \u003cspan class=\"textit\"\u003eSubversion\u003c/span\u003e\npermettent d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Subversion",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Subversion",
      "url": "http://subversion.tigris.org/security/CVE-2009-2411-advisory.txt"
    }
  ]
}

GSD-2009-2411

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2009-2411

Aliases

CVE-2009-2411

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2009-2411",
    "description": "Multiple integer overflows in the libsvn_delta library in Subversion before 1.5.7, and 1.6.x before 1.6.4, allow remote authenticated users and remote Subversion servers to execute arbitrary code via an svndiff stream with large windows that trigger a heap-based buffer overflow, a related issue to CVE-2009-2412.",
    "id": "GSD-2009-2411",
    "references": [
      "https://www.suse.com/security/cve/CVE-2009-2411.html",
      "https://www.debian.org/security/2009/dsa-1855",
      "https://access.redhat.com/errata/RHSA-2009:1203",
      "https://linux.oracle.com/cve/CVE-2009-2411.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2009-2411"
      ],
      "details": "Multiple integer overflows in the libsvn_delta library in Subversion before 1.5.7, and 1.6.x before 1.6.4, allow remote authenticated users and remote Subversion servers to execute arbitrary code via an svndiff stream with large windows that trigger a heap-based buffer overflow, a related issue to CVE-2009-2412.",
      "id": "GSD-2009-2411",
      "modified": "2023-12-13T01:19:46.633696Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2009-2411",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple integer overflows in the libsvn_delta library in Subversion before 1.5.7, and 1.6.x before 1.6.4, allow remote authenticated users and remote Subversion servers to execute arbitrary code via an svndiff stream with large windows that trigger a heap-based buffer overflow, a related issue to CVE-2009-2412."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html",
            "refsource": "MISC",
            "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
          },
          {
            "name": "http://support.apple.com/kb/HT3937",
            "refsource": "MISC",
            "url": "http://support.apple.com/kb/HT3937"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2009/3184",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2009/3184"
          },
          {
            "name": "http://archives.neohapsis.com/archives/bugtraq/2009-08/0056.html",
            "refsource": "MISC",
            "url": "http://archives.neohapsis.com/archives/bugtraq/2009-08/0056.html"
          },
          {
            "name": "http://osvdb.org/56856",
            "refsource": "MISC",
            "url": "http://osvdb.org/56856"
          },
          {
            "name": "http://secunia.com/advisories/36184",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/36184"
          },
          {
            "name": "http://secunia.com/advisories/36224",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/36224"
          },
          {
            "name": "http://secunia.com/advisories/36232",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/36232"
          },
          {
            "name": "http://secunia.com/advisories/36257",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/36257"
          },
          {
            "name": "http://secunia.com/advisories/36262",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/36262"
          },
          {
            "name": "http://subversion.tigris.org/security/CVE-2009-2411-advisory.txt",
            "refsource": "MISC",
            "url": "http://subversion.tigris.org/security/CVE-2009-2411-advisory.txt"
          },
          {
            "name": "http://svn.collab.net/repos/svn/tags/1.5.7/CHANGES",
            "refsource": "MISC",
            "url": "http://svn.collab.net/repos/svn/tags/1.5.7/CHANGES"
          },
          {
            "name": "http://svn.collab.net/repos/svn/tags/1.6.4/CHANGES",
            "refsource": "MISC",
            "url": "http://svn.collab.net/repos/svn/tags/1.6.4/CHANGES"
          },
          {
            "name": "http://svn.haxx.se/dev/archive-2009-08/0107.shtml",
            "refsource": "MISC",
            "url": "http://svn.haxx.se/dev/archive-2009-08/0107.shtml"
          },
          {
            "name": "http://svn.haxx.se/dev/archive-2009-08/0108.shtml",
            "refsource": "MISC",
            "url": "http://svn.haxx.se/dev/archive-2009-08/0108.shtml"
          },
          {
            "name": "http://svn.haxx.se/dev/archive-2009-08/0110.shtml",
            "refsource": "MISC",
            "url": "http://svn.haxx.se/dev/archive-2009-08/0110.shtml"
          },
          {
            "name": "http://www.debian.org/security/2009/dsa-1855",
            "refsource": "MISC",
            "url": "http://www.debian.org/security/2009/dsa-1855"
          },
          {
            "name": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:199",
            "refsource": "MISC",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:199"
          },
          {
            "name": "http://www.redhat.com/support/errata/RHSA-2009-1203.html",
            "refsource": "MISC",
            "url": "http://www.redhat.com/support/errata/RHSA-2009-1203.html"
          },
          {
            "name": "http://www.securityfocus.com/bid/35983",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/bid/35983"
          },
          {
            "name": "http://www.securitytracker.com/id?1022697",
            "refsource": "MISC",
            "url": "http://www.securitytracker.com/id?1022697"
          },
          {
            "name": "http://www.ubuntu.com/usn/usn-812-1",
            "refsource": "MISC",
            "url": "http://www.ubuntu.com/usn/usn-812-1"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2009/2180",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2009/2180"
          },
          {
            "name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11465",
            "refsource": "MISC",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11465"
          },
          {
            "name": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00469.html",
            "refsource": "MISC",
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00469.html"
          },
          {
            "name": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00485.html",
            "refsource": "MISC",
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00485.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:subversion:subversion:1.0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:subversion:subversion:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:subversion:subversion:1.4.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:subversion:subversion:1.5.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:subversion:subversion:1.4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:subversion:subversion:1.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:subversion:subversion:1.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:subversion:subversion:1.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:subversion:subversion:1.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:subversion:subversion:1.0.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:subversion:subversion:0.36.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:subversion:subversion:0.34.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:subversion:subversion:0.28.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:subversion:subversion:0.28.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:subversion:subversion:0.23.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:subversion:subversion:0.22.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:subversion:subversion:1.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:subversion:subversion:1.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:subversion:subversion:1.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:subversion:subversion:1.4.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:subversion:subversion:1.1.0_rc3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:subversion:subversion:1.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:subversion:subversion:1.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:subversion:subversion:1.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:subversion:subversion:1.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:subversion:subversion:1.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:subversion:subversion:1.0.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:subversion:subversion:0.33.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:subversion:subversion:0.33.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:subversion:subversion:0.28.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:subversion:subversion:0.27.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:subversion:subversion:1.6.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:subversion:subversion:1.6.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:subversion:subversion:1.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:subversion:subversion:1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:subversion:subversion:1.5.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:subversion:subversion:1.5.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:subversion:subversion:1.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:subversion:subversion:1.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:subversion:subversion:1.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:subversion:subversion:1.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:subversion:subversion:0.35.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:subversion:subversion:0.35.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:subversion:subversion:0.31.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:subversion:subversion:0.30.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:subversion:subversion:0.29.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:subversion:subversion:0.24.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:subversion:subversion:0.24.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:subversion:subversion:1.1.0_rc1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:subversion:subversion:1.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:subversion:subversion:1.1.0_rc2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:subversion:subversion:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.5.6",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:subversion:subversion:1.4.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:subversion:subversion:1.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:subversion:subversion:1.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:subversion:subversion:1.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:subversion:subversion:1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:subversion:subversion:0.37.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:subversion:subversion:0.32.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:subversion:subversion:0.32.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:subversion:subversion:0.25.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:subversion:subversion:0.24.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:subversion:subversion:1.6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:subversion:subversion:1.6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2009-2411"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple integer overflows in the libsvn_delta library in Subversion before 1.5.7, and 1.6.x before 1.6.4, allow remote authenticated users and remote Subversion servers to execute arbitrary code via an svndiff stream with large windows that trigger a heap-based buffer overflow, a related issue to CVE-2009-2412."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-189"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "36184",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/36184"
            },
            {
              "name": "http://svn.collab.net/repos/svn/tags/1.5.7/CHANGES",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://svn.collab.net/repos/svn/tags/1.5.7/CHANGES"
            },
            {
              "name": "[dev] 20090806 Subversion 1.5.7 Released",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://svn.haxx.se/dev/archive-2009-08/0108.shtml"
            },
            {
              "name": "http://subversion.tigris.org/security/CVE-2009-2411-advisory.txt",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://subversion.tigris.org/security/CVE-2009-2411-advisory.txt"
            },
            {
              "name": "[dev] 20090806 Subversion 1.6.4 Released",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://svn.haxx.se/dev/archive-2009-08/0107.shtml"
            },
            {
              "name": "http://svn.collab.net/repos/svn/tags/1.6.4/CHANGES",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://svn.collab.net/repos/svn/tags/1.6.4/CHANGES"
            },
            {
              "name": "ADV-2009-2180",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/2180"
            },
            {
              "name": "[dev] 20090806 Patch to 1.4.x branch for CVE-2009-2411",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://svn.haxx.se/dev/archive-2009-08/0110.shtml"
            },
            {
              "name": "35983",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/35983"
            },
            {
              "name": "36232",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/36232"
            },
            {
              "name": "FEDORA-2009-8449",
              "refsource": "FEDORA",
              "tags": [],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00485.html"
            },
            {
              "name": "20090807 Subversion heap overflow",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2009-08/0056.html"
            },
            {
              "name": "MDVSA-2009:199",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:199"
            },
            {
              "name": "DSA-1855",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2009/dsa-1855"
            },
            {
              "name": "1022697",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1022697"
            },
            {
              "name": "FEDORA-2009-8432",
              "refsource": "FEDORA",
              "tags": [],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00469.html"
            },
            {
              "name": "36224",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/36224"
            },
            {
              "name": "56856",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/56856"
            },
            {
              "name": "USN-812-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/usn-812-1"
            },
            {
              "name": "RHSA-2009:1203",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2009-1203.html"
            },
            {
              "name": "36262",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/36262"
            },
            {
              "name": "36257",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/36257"
            },
            {
              "name": "http://support.apple.com/kb/HT3937",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.apple.com/kb/HT3937"
            },
            {
              "name": "APPLE-SA-2009-11-09-1",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
            },
            {
              "name": "ADV-2009-3184",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2009/3184"
            },
            {
              "name": "oval:org.mitre.oval:def:11465",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11465"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 8.5,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 6.8,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-09-19T01:29Z",
      "publishedDate": "2009-08-07T19:30Z"
    }
  }
}

GHSA-VMFG-4FRJ-FMFG

Vulnerability from github – Published: 2022-05-02 03:35 – Updated: 2022-05-02 03:35

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2009-2411"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-08-07T19:30:00Z",
    "severity": "HIGH"
  },
  "details": "Multiple integer overflows in the libsvn_delta library in Subversion before 1.5.7, and 1.6.x before 1.6.4, allow remote authenticated users and remote Subversion servers to execute arbitrary code via an svndiff stream with large windows that trigger a heap-based buffer overflow, a related issue to CVE-2009-2412.",
  "id": "GHSA-vmfg-4frj-fmfg",
  "modified": "2022-05-02T03:35:02Z",
  "published": "2022-05-02T03:35:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2411"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11465"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00469.html"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00485.html"
    },
    {
      "type": "WEB",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2009-08/0056.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/56856"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/36184"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/36224"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/36232"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/36257"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/36262"
    },
    {
      "type": "WEB",
      "url": "http://subversion.tigris.org/security/CVE-2009-2411-advisory.txt"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT3937"
    },
    {
      "type": "WEB",
      "url": "http://svn.collab.net/repos/svn/tags/1.5.7/CHANGES"
    },
    {
      "type": "WEB",
      "url": "http://svn.collab.net/repos/svn/tags/1.6.4/CHANGES"
    },
    {
      "type": "WEB",
      "url": "http://svn.haxx.se/dev/archive-2009-08/0107.shtml"
    },
    {
      "type": "WEB",
      "url": "http://svn.haxx.se/dev/archive-2009-08/0108.shtml"
    },
    {
      "type": "WEB",
      "url": "http://svn.haxx.se/dev/archive-2009-08/0110.shtml"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2009/dsa-1855"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:199"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1203.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/35983"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1022697"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/usn-812-1"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/2180"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/3184"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2009-2411

Vulnerability from fkie_nvd - Published: 2009-08-07 19:30 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	http://archives.neohapsis.com/archives/bugtraq/2009-08/0056.html
secalert@redhat.com	http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
secalert@redhat.com	http://osvdb.org/56856
secalert@redhat.com	http://secunia.com/advisories/36184	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/36224
secalert@redhat.com	http://secunia.com/advisories/36232
secalert@redhat.com	http://secunia.com/advisories/36257
secalert@redhat.com	http://secunia.com/advisories/36262
secalert@redhat.com	http://subversion.tigris.org/security/CVE-2009-2411-advisory.txt
secalert@redhat.com	http://support.apple.com/kb/HT3937
secalert@redhat.com	http://svn.collab.net/repos/svn/tags/1.5.7/CHANGES
secalert@redhat.com	http://svn.collab.net/repos/svn/tags/1.6.4/CHANGES
secalert@redhat.com	http://svn.haxx.se/dev/archive-2009-08/0107.shtml
secalert@redhat.com	http://svn.haxx.se/dev/archive-2009-08/0108.shtml
secalert@redhat.com	http://svn.haxx.se/dev/archive-2009-08/0110.shtml
secalert@redhat.com	http://www.debian.org/security/2009/dsa-1855
secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDVSA-2009:199
secalert@redhat.com	http://www.redhat.com/support/errata/RHSA-2009-1203.html
secalert@redhat.com	http://www.securityfocus.com/bid/35983
secalert@redhat.com	http://www.securitytracker.com/id?1022697
secalert@redhat.com	http://www.ubuntu.com/usn/usn-812-1
secalert@redhat.com	http://www.vupen.com/english/advisories/2009/2180	Vendor Advisory
secalert@redhat.com	http://www.vupen.com/english/advisories/2009/3184
secalert@redhat.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11465
secalert@redhat.com	https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00469.html
secalert@redhat.com	https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00485.html
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/bugtraq/2009-08/0056.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/56856
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/36184	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/36224
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/36232
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/36257
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/36262
af854a3a-2127-422b-91ae-364da2661108	http://subversion.tigris.org/security/CVE-2009-2411-advisory.txt
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT3937
af854a3a-2127-422b-91ae-364da2661108	http://svn.collab.net/repos/svn/tags/1.5.7/CHANGES
af854a3a-2127-422b-91ae-364da2661108	http://svn.collab.net/repos/svn/tags/1.6.4/CHANGES
af854a3a-2127-422b-91ae-364da2661108	http://svn.haxx.se/dev/archive-2009-08/0107.shtml
af854a3a-2127-422b-91ae-364da2661108	http://svn.haxx.se/dev/archive-2009-08/0108.shtml
af854a3a-2127-422b-91ae-364da2661108	http://svn.haxx.se/dev/archive-2009-08/0110.shtml
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2009/dsa-1855
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2009:199
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2009-1203.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/35983
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1022697
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/usn-812-1
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/2180	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/3184
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11465
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00469.html
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00485.html

Impacted products

Vendor	Product	Version
subversion	subversion	*
subversion	subversion	0.22.1
subversion	subversion	0.23.0
subversion	subversion	0.24.0
subversion	subversion	0.24.1
subversion	subversion	0.24.2
subversion	subversion	0.25.0
subversion	subversion	0.27.0
subversion	subversion	0.28.0
subversion	subversion	0.28.1
subversion	subversion	0.28.2
subversion	subversion	0.29.0
subversion	subversion	0.30.0
subversion	subversion	0.31.0
subversion	subversion	0.32.0
subversion	subversion	0.32.1
subversion	subversion	0.33.0
subversion	subversion	0.33.1
subversion	subversion	0.34.0
subversion	subversion	0.35.0
subversion	subversion	0.35.1
subversion	subversion	0.36.0
subversion	subversion	0.37.0
subversion	subversion	1.0
subversion	subversion	1.0.0
subversion	subversion	1.0.1
subversion	subversion	1.0.2
subversion	subversion	1.0.3
subversion	subversion	1.0.4
subversion	subversion	1.0.5
subversion	subversion	1.0.6
subversion	subversion	1.0.7
subversion	subversion	1.0.8
subversion	subversion	1.0.9
subversion	subversion	1.1.0
subversion	subversion	1.1.0_rc1
subversion	subversion	1.1.0_rc2
subversion	subversion	1.1.0_rc3
subversion	subversion	1.1.1
subversion	subversion	1.1.2
subversion	subversion	1.1.3
subversion	subversion	1.1.4
subversion	subversion	1.2.0
subversion	subversion	1.2.1
subversion	subversion	1.2.2
subversion	subversion	1.2.3
subversion	subversion	1.3.0
subversion	subversion	1.3.1
subversion	subversion	1.3.2
subversion	subversion	1.4.0
subversion	subversion	1.4.1
subversion	subversion	1.4.2
subversion	subversion	1.4.3
subversion	subversion	1.4.4
subversion	subversion	1.4.5
subversion	subversion	1.5.0
subversion	subversion	1.5.1
subversion	subversion	1.5.3
subversion	subversion	1.5.4
subversion	subversion	1.5.5
subversion	subversion	1.6.0
subversion	subversion	1.6.1
subversion	subversion	1.6.2
subversion	subversion	1.6.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:subversion:subversion:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0434A631-5531-4C32-B5C5-730CA1890441",
              "versionEndIncluding": "1.5.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:subversion:subversion:0.22.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "46EA6517-6361-449E-8A50-3E8706A71211",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:subversion:subversion:0.23.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "473B6660-AED8-4805-A48F-F4A18A4AB94F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:subversion:subversion:0.24.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F087A7F-7D7D-4377-B7CD-FC0775A33568",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:subversion:subversion:0.24.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "00E49F61-BC1D-4B0F-859F-89C331DA0E39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:subversion:subversion:0.24.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D44285DE-6FD7-4B0D-9715-1E6D31FAB6BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:subversion:subversion:0.25.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D18EA18-8EB3-4924-B428-A4D329A87C8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:subversion:subversion:0.27.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "48BB82A4-223F-43E3-8EE2-BA6276F51A1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:subversion:subversion:0.28.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE0D2D18-5141-4070-9390-2027967CBD4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:subversion:subversion:0.28.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "07F3F14A-AD74-4318-A830-08DED8189E7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:subversion:subversion:0.28.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "56ADDE86-635F-4F24-A320-CBBE076BA182",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:subversion:subversion:0.29.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "56AD9198-B051-4E0E-9B0B-CE99346EFF05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:subversion:subversion:0.30.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A81E5045-969D-4064-A7DB-9F902D600251",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:subversion:subversion:0.31.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "61B5A517-AAD4-44AE-8B1B-F1BA3F9C21B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:subversion:subversion:0.32.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5342EE15-7AAD-4666-BEFB-172A7CE5BC96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:subversion:subversion:0.32.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "71AD1DC9-1BEA-4C81-A4EF-B78B2344C65E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:subversion:subversion:0.33.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "01A71B55-7F08-40BD-A60E-4EF679388B1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:subversion:subversion:0.33.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "39AA93C8-0CC1-46D0-8B67-2A3846BBDA45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:subversion:subversion:0.34.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFC08C9E-DC76-4F5E-9CA2-7952CC332EB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:subversion:subversion:0.35.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BB20C00-C6D6-4175-B659-018C4F4A1167",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:subversion:subversion:0.35.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "139E706E-202C-45B4-A5E3-2CDEEA14E20B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:subversion:subversion:0.36.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF79BC49-E4CD-4DCA-860F-A27F0371D4B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:subversion:subversion:0.37.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C12BDC3-6B07-47DD-96C8-1FA9F4B7BFE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:subversion:subversion:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F10E314-3897-4A63-AE40-F4E34C3F0BFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:subversion:subversion:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD801B94-DBE2-4A65-9428-8D4FC581866A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:subversion:subversion:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "47B95A69-2535-4844-B819-082D4349708C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:subversion:subversion:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "930953B4-E972-48FB-913B-169E91F93FD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:subversion:subversion:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B41D875-F515-4A3F-9AA5-79BD09F74C30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:subversion:subversion:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A8CCC20-8986-4028-B125-66F371A4A1D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:subversion:subversion:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E07F13C-A6FC-49E8-B10E-E4FC1F182DA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:subversion:subversion:1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "04AB9C70-10CB-460B-91AD-1D79C9153194",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:subversion:subversion:1.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1E718DB-2A79-4277-BA15-6E6A904E483A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:subversion:subversion:1.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E10F1DA-64E9-4567-8727-3AE8A6788A23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:subversion:subversion:1.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A8CED53-EC94-480C-BCBD-EE045F0AA2A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:subversion:subversion:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "27FC24BB-5BF3-4A25-A5C0-F5A224736F77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:subversion:subversion:1.1.0_rc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "286B7EBD-D663-440C-859B-1E0EE839AEB9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:subversion:subversion:1.1.0_rc2:*:*:*:*:*:*:*",
              "matchCriteriaId": "408EC889-4D8B-49FC-9281-AC85559BB774",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:subversion:subversion:1.1.0_rc3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1E2A83E-A244-4F1E-85E9-6EA075D32C5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:subversion:subversion:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "212AC756-866F-43F6-9659-61554824B884",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:subversion:subversion:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B612E0A1-C0F8-4E69-B32C-356ADE7F82E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:subversion:subversion:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "19B8E241-9E28-4627-8FBB-18CF5D12B11C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:subversion:subversion:1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3D528D6-37F5-40D0-BAF2-CCA214862C19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:subversion:subversion:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E73FF73-1F94-4657-83E2-375311A94440",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:subversion:subversion:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2FAC312-66F0-4C9E-95DF-0C61F07A834D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:subversion:subversion:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC9E80F6-728C-4474-AB90-23DF119E83DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:subversion:subversion:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "051434CF-6B62-4C29-B71A-C8800F048A07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:subversion:subversion:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "339A1BAC-F631-4355-9889-CE5EAC2FCB46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:subversion:subversion:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "72315FB6-EDB2-43AB-9DA8-E27118C84C08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:subversion:subversion:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C099833-CC13-47DD-9E6A-E10BF8103401",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:subversion:subversion:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EAF74121-52AC-4EA8-9B51-BA68ED766ABC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:subversion:subversion:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC6B791F-2DB2-4428-80DB-3203FD8868ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:subversion:subversion:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE0754E5-044C-445B-846F-1B7C7664F6BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:subversion:subversion:1.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D938FBF-02E3-4713-A7DB-7C552C65471C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:subversion:subversion:1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A882A7B-5E03-4FC4-A92E-3681C67A0CA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:subversion:subversion:1.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AF0C2C6-5FC0-4FB2-B31C-B9174789F904",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:subversion:subversion:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3D435D7-F523-4B8B-988F-37F85DA7ECCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:subversion:subversion:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5CCBE47-1BD4-494A-8B9B-CB062F9741B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:subversion:subversion:1.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "457BD304-23A2-4FB4-AE9F-9F462DC27DD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:subversion:subversion:1.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7899D782-7544-4113-AE78-B724689EDC74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:subversion:subversion:1.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "85E5887A-A560-40AA-96D4-45D65D9A9C16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:subversion:subversion:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C461DA24-27D3-44C6-A5A3-17716616C696",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:subversion:subversion:1.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FBF9A45-958C-4C65-B8AE-A7214D6A6922",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:subversion:subversion:1.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DE31846-6A08-47D5-8D20-D627DED5D8E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:subversion:subversion:1.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "45B6D800-A4A5-4835-941C-31C3FD00D5F9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple integer overflows in the libsvn_delta library in Subversion before 1.5.7, and 1.6.x before 1.6.4, allow remote authenticated users and remote Subversion servers to execute arbitrary code via an svndiff stream with large windows that trigger a heap-based buffer overflow, a related issue to CVE-2009-2412."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples desbordamientos de entero en la biblioteca libsvn_delta en Subversion anterior a v1.5.7 y v1.6.x anterior a v1.6.4, permite a los usuarios remotos autenticados y a los servidores Subversion remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un flujo (stream) svndiff con grandes ventanas que desencadenan un desbordamiento de b\u00fafer basado en memoria din\u00e1mica, una cuesti\u00f3n relacionada con CVE-2009-2412."
    }
  ],
  "id": "CVE-2009-2411",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 8.5,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-08-07T19:30:00.297",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2009-08/0056.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://osvdb.org/56856"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/36184"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/36224"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/36232"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/36257"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/36262"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://subversion.tigris.org/security/CVE-2009-2411-advisory.txt"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://support.apple.com/kb/HT3937"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://svn.collab.net/repos/svn/tags/1.5.7/CHANGES"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://svn.collab.net/repos/svn/tags/1.6.4/CHANGES"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://svn.haxx.se/dev/archive-2009-08/0107.shtml"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://svn.haxx.se/dev/archive-2009-08/0108.shtml"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://svn.haxx.se/dev/archive-2009-08/0110.shtml"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2009/dsa-1855"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:199"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1203.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/35983"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id?1022697"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/usn-812-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/2180"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2009/3184"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11465"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00469.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00485.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2009-08/0056.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/56856"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/36184"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/36224"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/36232"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/36257"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/36262"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://subversion.tigris.org/security/CVE-2009-2411-advisory.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT3937"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://svn.collab.net/repos/svn/tags/1.5.7/CHANGES"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://svn.collab.net/repos/svn/tags/1.6.4/CHANGES"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://svn.haxx.se/dev/archive-2009-08/0107.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://svn.haxx.se/dev/archive-2009-08/0108.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://svn.haxx.se/dev/archive-2009-08/0110.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2009/dsa-1855"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:199"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1203.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/35983"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1022697"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/usn-812-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/2180"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/3184"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11465"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00469.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00485.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-189"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2009-2411 (GCVE-0-2009-2411)

CERTA-2009-AVI-487

Description

Solution

CERTA-2009-AVI-320

Description

Solution

GSD-2009-2411

GHSA-VMFG-4FRJ-FMFG

FKIE_CVE-2009-2411

Tags

Sightings

Nomenclature