8.5

CVE-2009-2411

EPSS 6.17%
Published 07.08.2009 19:30:00
Last modified 09.04.2025 00:30:58
Source secalert@redhat.com
Teams watchlist Login
Open Login

Multiple integer overflows in the libsvn_delta library in Subversion before 1.5.7, and 1.6.x before 1.6.4, allow remote authenticated users and remote Subversion servers to execute arbitrary code via an svndiff stream with large windows that trigger a heap-based buffer overflow, a related issue to CVE-2009-2412.

Affected products Warnungen 0 Metrics 2 CWE 0 References 29

Data is provided by the National Vulnerability Database (NVD)

Subversion ≫ Subversion Version <= 1.5.6

Subversion ≫ Subversion Version0.22.1

Subversion ≫ Subversion Version0.23.0

Subversion ≫ Subversion Version0.24.0

Subversion ≫ Subversion Version0.24.1

Subversion ≫ Subversion Version0.24.2

Subversion ≫ Subversion Version0.25.0

Subversion ≫ Subversion Version0.27.0

Subversion ≫ Subversion Version0.28.0

Subversion ≫ Subversion Version0.28.1

Subversion ≫ Subversion Version0.28.2

Subversion ≫ Subversion Version0.29.0

Subversion ≫ Subversion Version0.30.0

Subversion ≫ Subversion Version0.31.0

Subversion ≫ Subversion Version0.32.0

Subversion ≫ Subversion Version0.32.1

Subversion ≫ Subversion Version0.33.0

Subversion ≫ Subversion Version0.33.1

Subversion ≫ Subversion Version0.34.0

Subversion ≫ Subversion Version0.35.0

Subversion ≫ Subversion Version0.35.1

Subversion ≫ Subversion Version0.36.0

Subversion ≫ Subversion Version0.37.0

Subversion ≫ Subversion Version1.0

Subversion ≫ Subversion Version1.0.0

Subversion ≫ Subversion Version1.0.1

Subversion ≫ Subversion Version1.0.2

Subversion ≫ Subversion Version1.0.3

Subversion ≫ Subversion Version1.0.4

Subversion ≫ Subversion Version1.0.5

Subversion ≫ Subversion Version1.0.6

Subversion ≫ Subversion Version1.0.7

Subversion ≫ Subversion Version1.0.8

Subversion ≫ Subversion Version1.0.9

Subversion ≫ Subversion Version1.1.0

Subversion ≫ Subversion Version1.1.0_rc1

Subversion ≫ Subversion Version1.1.0_rc2

Subversion ≫ Subversion Version1.1.0_rc3

Subversion ≫ Subversion Version1.1.1

Subversion ≫ Subversion Version1.1.2

Subversion ≫ Subversion Version1.1.3

Subversion ≫ Subversion Version1.1.4

Subversion ≫ Subversion Version1.2.0

Subversion ≫ Subversion Version1.2.1

Subversion ≫ Subversion Version1.2.2

Subversion ≫ Subversion Version1.2.3

Subversion ≫ Subversion Version1.3.0

Subversion ≫ Subversion Version1.3.1

Subversion ≫ Subversion Version1.3.2

Subversion ≫ Subversion Version1.4.0

Subversion ≫ Subversion Version1.4.1

Subversion ≫ Subversion Version1.4.2

Subversion ≫ Subversion Version1.4.3

Subversion ≫ Subversion Version1.4.4

Subversion ≫ Subversion Version1.4.5

Subversion ≫ Subversion Version1.5.0

Subversion ≫ Subversion Version1.5.1

Subversion ≫ Subversion Version1.5.3

Subversion ≫ Subversion Version1.5.4

Subversion ≫ Subversion Version1.5.5

Subversion ≫ Subversion Version1.6.0

Subversion ≫ Subversion Version1.6.1

Subversion ≫ Subversion Version1.6.2

Subversion ≫ Subversion Version1.6.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	6.17%	0.898

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.5	6.8	10	AV:N/AC:M/Au:S/C:C/I:C/A:C

http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html

http://support.apple.com/kb/HT3937

http://www.vupen.com/english/advisories/2009/3184

http://archives.neohapsis.com/archives/bugtraq/2009-08/0056.html

http://osvdb.org/56856

http://secunia.com/advisories/36184

Vendor Advisory

http://secunia.com/advisories/36224

http://secunia.com/advisories/36232

http://secunia.com/advisories/36257

http://secunia.com/advisories/36262

http://subversion.tigris.org/security/CVE-2009-2411-advisory.txt

http://svn.collab.net/repos/svn/tags/1.5.7/CHANGES

http://svn.collab.net/repos/svn/tags/1.6.4/CHANGES

http://svn.haxx.se/dev/archive-2009-08/0107.shtml

http://svn.haxx.se/dev/archive-2009-08/0108.shtml

http://svn.haxx.se/dev/archive-2009-08/0110.shtml

http://www.debian.org/security/2009/dsa-1855

http://www.mandriva.com/security/advisories?name=MDVSA-2009:199

http://www.redhat.com/support/errata/RHSA-2009-1203.html

http://www.securityfocus.com/bid/35983

http://www.securitytracker.com/id?1022697

http://www.ubuntu.com/usn/usn-812-1

http://www.vupen.com/english/advisories/2009/2180

Vendor Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11465

https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00469.html

https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00485.html

https://nvd.nist.gov/vuln/detail/CVE-2009-2411

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-2411

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-2411

EUVD