CVE-2009-2411
subversion - heap overflow
EPSS 6.2%
Description
Multiple integer overflows in the libsvn_delta library in Subversion before 1.5.7, and 1.6.x before 1.6.4, allow remote authenticated users and remote Subversion servers to execute arbitrary code via an svndiff stream with large windows that trigger a heap-based buffer overflow, a related issue to CVE-2009-2412.
How to fix CVE-2009-2411
To remediate CVE-2009-2411, upgrade the affected package to a fixed version below.
- Debian/subversion—upgrade to 1.6.4dfsg-1 or later
- Debian/subversion—upgrade to 1.4.2dfsg1-3 or later
Is CVE-2009-2411 being exploited?
Moderate — EPSS is 6.2%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (2)
- from 0, < 1.6.4dfsg-1
- from 0, < 1.4.2dfsg1-3