CVE-2009-2411
NONE EPSS 91.3%
Published Aug 7, 2009 16y ago
Last Modified Jun 16, 2026 2w ago
Description
Multiple integer overflows in the libsvn_delta library in Subversion before 1.5.7, and 1.6.x before 1.6.4, allow remote authenticated users and remote Subversion servers to execute arbitrary code via an svndiff stream with large windows that trigger a heap-based buffer overflow, a related issue to CVE-2009-2412.
Threat Intelligence
EPSS Exploit Probability
91.3% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-189
Affected Products 64
| Vendor | Product | Version | Range |
|---|---|---|---|
| subversion | subversion | * | ≤1.5.6 |
| subversion | subversion | 0.22.1 | any |
| subversion | subversion | 0.23.0 | any |
| subversion | subversion | 0.24.0 | any |
| subversion | subversion | 0.24.1 | any |
| subversion | subversion | 0.24.2 | any |
| subversion | subversion | 0.25.0 | any |
| subversion | subversion | 0.27.0 | any |
| subversion | subversion | 0.28.0 | any |
| subversion | subversion | 0.28.1 | any |
| subversion | subversion | 0.28.2 | any |
| subversion | subversion | 0.29.0 | any |
| subversion | subversion | 0.30.0 | any |
| subversion | subversion | 0.31.0 | any |
| subversion | subversion | 0.32.0 | any |
| subversion | subversion | 0.32.1 | any |
| subversion | subversion | 0.33.0 | any |
| subversion | subversion | 0.33.1 | any |
| subversion | subversion | 0.34.0 | any |
| subversion | subversion | 0.35.0 | any |
| subversion | subversion | 0.35.1 | any |
| subversion | subversion | 0.36.0 | any |
| subversion | subversion | 0.37.0 | any |
| subversion | subversion | 1.0 | any |
| subversion | subversion | 1.0.0 | any |
| subversion | subversion | 1.0.1 | any |
| subversion | subversion | 1.0.2 | any |
| subversion | subversion | 1.0.3 | any |
| subversion | subversion | 1.0.4 | any |
| subversion | subversion | 1.0.5 | any |
| subversion | subversion | 1.0.6 | any |
| subversion | subversion | 1.0.7 | any |
| subversion | subversion | 1.0.8 | any |
| subversion | subversion | 1.0.9 | any |
| subversion | subversion | 1.1.0 | any |
| subversion | subversion | 1.1.0_rc1 | any |
| subversion | subversion | 1.1.0_rc2 | any |
| subversion | subversion | 1.1.0_rc3 | any |
| subversion | subversion | 1.1.1 | any |
| subversion | subversion | 1.1.2 | any |
| subversion | subversion | 1.1.3 | any |
| subversion | subversion | 1.1.4 | any |
| subversion | subversion | 1.2.0 | any |
| subversion | subversion | 1.2.1 | any |
| subversion | subversion | 1.2.2 | any |
| subversion | subversion | 1.2.3 | any |
| subversion | subversion | 1.3.0 | any |
| subversion | subversion | 1.3.1 | any |
| subversion | subversion | 1.3.2 | any |
| subversion | subversion | 1.4.0 | any |
| subversion | subversion | 1.4.1 | any |
| subversion | subversion | 1.4.2 | any |
| subversion | subversion | 1.4.3 | any |
| subversion | subversion | 1.4.4 | any |
| subversion | subversion | 1.4.5 | any |
| subversion | subversion | 1.5.0 | any |
| subversion | subversion | 1.5.1 | any |
| subversion | subversion | 1.5.3 | any |
| subversion | subversion | 1.5.4 | any |
| subversion | subversion | 1.5.5 | any |
| subversion | subversion | 1.6.0 | any |
| subversion | subversion | 1.6.1 | any |
| subversion | subversion | 1.6.2 | any |
| subversion | subversion | 1.6.3 | any |
References 26
- archives.neohapsis.com http://archives.neohapsis.com/archives/bugtraq/2009-08/0056.html
- lists.apple.com http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
- osvdb.org http://osvdb.org/56856
- secunia.com http://secunia.com/advisories/36184
- secunia.com http://secunia.com/advisories/36224
- secunia.com http://secunia.com/advisories/36232
- secunia.com http://secunia.com/advisories/36257
- secunia.com http://secunia.com/advisories/36262
- subversion.tigris.org http://subversion.tigris.org/security/CVE-2009-2411-advisory.txt
- support.apple.com http://support.apple.com/kb/HT3937
- svn.collab.net http://svn.collab.net/repos/svn/tags/1.5.7/CHANGES
- svn.collab.net http://svn.collab.net/repos/svn/tags/1.6.4/CHANGES
- svn.haxx.se http://svn.haxx.se/dev/archive-2009-08/0107.shtml
- svn.haxx.se http://svn.haxx.se/dev/archive-2009-08/0108.shtml
- svn.haxx.se http://svn.haxx.se/dev/archive-2009-08/0110.shtml
- debian.org http://www.debian.org/security/2009/dsa-1855
- mandriva.com http://www.mandriva.com/security/advisories?name=MDVSA-2009:199
- redhat.com http://www.redhat.com/support/errata/RHSA-2009-1203.html
- securityfocus.com http://www.securityfocus.com/bid/35983
- securitytracker.com http://www.securitytracker.com/id?1022697
- ubuntu.com http://www.ubuntu.com/usn/usn-812-1
- vupen.com http://www.vupen.com/english/advisories/2009/2180
- vupen.com http://www.vupen.com/english/advisories/2009/3184
- oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11465
- redhat.com https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00469.html
- redhat.com https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00485.html
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.