Vulnetix
Try Vulnetix Request Demo
ALPINE-CVE-2022-24070 PUBLISHED CVSS 7.5 HIGH

Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not affected.

Risk Scores

CVSS v3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

VendorProductVersions
Alpine:v3.15subversion1.6.2-r0, 1.6.17-r4, 1.6.17-r3
Alpine:v3.16subversion1.6.15-r0, 1.9.7-r0, 1.9.5-r1
Alpine:v3.14subversion1.8.8-r0, 1.8.5-r1, 1.8.5-r0
Alpine:v3.23subversion1.7.3-r0, 1.9.7-r0, 1.9.5-r1
Alpine:v3.19subversion1.8.10-r2, 1.10.2-r0, 1.10.0-r0
Alpine:v3.13subversion1.6.17-r2, 1.6.17-r3, 1.6.17-r4
Alpine:v3.18subversion1.9.1-r0, 0, 1.10.0-r0
Alpine:v3.21subversion1.9.7-r0, 0, 1.10.0-r0
Alpine:v3.22subversion0, 1.10.0-r0, 1.10.2-r0
Alpine:v3.20subversion0, 1.10.0-r0, 1.10.2-r0
Alpine:v3.17subversion1.9.7-r0, 1.9.5-r1, 1.9.5-r0

Timeline

References

Open in Interactive Console →