CVE-2018-11803

Subversion's mod_dav_svn Apache HTTPD module versions 1.11.0 and 1.10.0 to 1.10.3 will crash after dereferencing an uninitialized pointer if the client omits the root path in a recursive directory listing operation.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
apacheCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 82%
VendorProductVersion
apachesubversion
1.10.0 ≤
𝑥
≤ 1.10.3
apachesubversion
1.11.0
canonicalubuntu_linux
18.10
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
subversion
bullseye (security)
1.14.1-3+deb11u1
fixed
bullseye
1.14.1-3+deb11u1
fixed
stretch
not-affected
jessie
not-affected
bookworm
1.14.2-4
fixed
sid
1.14.4-2
fixed
trixie
1.14.4-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
subversion
jammy
not-affected
impish
not-affected
hirsute
ignored
groovy
ignored
focal
not-affected
eoan
ignored
disco
ignored
cosmic
Fixed 1.10.0-2ubuntu2.1
released
bionic
not-affected
xenial
not-affected
trusty
dne
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/106770
https://lists.apache.org/thread.html/fa71074862373c142d264534385f8ea5d8d6b80d27f36f3c46f55003%40%3Cdev.subversion.apache.org%3E
https://security.gentoo.org/glsa/201904-08
https://usn.ubuntu.com/3869-1/
http://www.securityfocus.com/bid/106770
https://lists.apache.org/thread.html/fa71074862373c142d264534385f8ea5d8d6b80d27f36f3c46f55003%40%3Cdev.subversion.apache.org%3E
https://security.gentoo.org/glsa/201904-08
https://usn.ubuntu.com/3869-1/