CVE-2009-2411

NONE EPSS 91.3%
Published Aug 7, 2009 (16y ago) · Last Modified Jun 16, 2026 (2w ago)

Description

Multiple integer overflows in the libsvn_delta library in Subversion before 1.5.7, and 1.6.x before 1.6.4, allow remote authenticated users and remote Subversion servers to execute arbitrary code via an svndiff stream with large windows that trigger a heap-based buffer overflow, a related issue to CVE-2009-2412.

Threat Intelligence

EPSS Exploit Probability
91.3% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-189

Affected Products 64

Vendor      Product     Version     Range
subversion  subversion  *           ≤1.5.6
subversion  subversion  0.22.1      any
subversion  subversion  0.23.0      any
subversion  subversion  0.24.0      any
subversion  subversion  0.24.1      any
subversion  subversion  0.24.2      any
subversion  subversion  0.25.0      any
subversion  subversion  0.27.0      any
subversion  subversion  0.28.0      any
subversion  subversion  0.28.1      any
subversion  subversion  0.28.2      any
subversion  subversion  0.29.0      any
subversion  subversion  0.30.0      any
subversion  subversion  0.31.0      any
subversion  subversion  0.32.0      any
subversion  subversion  0.32.1      any
subversion  subversion  0.33.0      any
subversion  subversion  0.33.1      any
subversion  subversion  0.34.0      any
subversion  subversion  0.35.0      any
subversion  subversion  0.35.1      any
subversion  subversion  0.36.0      any
subversion  subversion  0.37.0      any
subversion  subversion  1.0         any
subversion  subversion  1.0.0       any
subversion  subversion  1.0.1       any
subversion  subversion  1.0.2       any
subversion  subversion  1.0.3       any
subversion  subversion  1.0.4       any
subversion  subversion  1.0.5       any
subversion  subversion  1.0.6       any
subversion  subversion  1.0.7       any
subversion  subversion  1.0.8       any
subversion  subversion  1.0.9       any
subversion  subversion  1.1.0       any
subversion  subversion  1.1.0_rc1   any
subversion  subversion  1.1.0_rc2   any
subversion  subversion  1.1.0_rc3   any
subversion  subversion  1.1.1       any
subversion  subversion  1.1.2       any
subversion  subversion  1.1.3       any
subversion  subversion  1.1.4       any
subversion  subversion  1.2.0       any
subversion  subversion  1.2.1       any
subversion  subversion  1.2.2       any
subversion  subversion  1.2.3       any
subversion  subversion  1.3.0       any
subversion  subversion  1.3.1       any
subversion  subversion  1.3.2       any
subversion  subversion  1.4.0       any
subversion  subversion  1.4.1       any
subversion  subversion  1.4.2       any
subversion  subversion  1.4.3       any
subversion  subversion  1.4.4       any
subversion  subversion  1.4.5       any
subversion  subversion  1.5.0       any
subversion  subversion  1.5.1       any
subversion  subversion  1.5.3       any
subversion  subversion  1.5.4       any
subversion  subversion  1.5.5       any
subversion  subversion  1.6.0       any
subversion  subversion  1.6.1       any
subversion  subversion  1.6.2       any
subversion  subversion  1.6.3       any

References 26

  • archives.neohapsis.com http://archives.neohapsis.com/archives/bugtraq/2009-08/0056.html
  • lists.apple.com http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
  • osvdb.org http://osvdb.org/56856
  • secunia.com http://secunia.com/advisories/36184
    Vendor Advisory
  • secunia.com http://secunia.com/advisories/36224
  • secunia.com http://secunia.com/advisories/36232
  • secunia.com http://secunia.com/advisories/36257
  • secunia.com http://secunia.com/advisories/36262
  • subversion.tigris.org http://subversion.tigris.org/security/CVE-2009-2411-advisory.txt
  • support.apple.com http://support.apple.com/kb/HT3937
  • svn.collab.net http://svn.collab.net/repos/svn/tags/1.5.7/CHANGES
  • svn.collab.net http://svn.collab.net/repos/svn/tags/1.6.4/CHANGES
  • svn.haxx.se http://svn.haxx.se/dev/archive-2009-08/0107.shtml
  • svn.haxx.se http://svn.haxx.se/dev/archive-2009-08/0108.shtml
  • svn.haxx.se http://svn.haxx.se/dev/archive-2009-08/0110.shtml
  • debian.org http://www.debian.org/security/2009/dsa-1855
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDVSA-2009:199
  • redhat.com http://www.redhat.com/support/errata/RHSA-2009-1203.html
  • securityfocus.com http://www.securityfocus.com/bid/35983
  • securitytracker.com http://www.securitytracker.com/id?1022697
  • ubuntu.com http://www.ubuntu.com/usn/usn-812-1
  • vupen.com http://www.vupen.com/english/advisories/2009/2180
    Vendor Advisory
  • vupen.com http://www.vupen.com/english/advisories/2009/3184
  • oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11465
  • redhat.com https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00469.html
  • redhat.com https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00485.html

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.