Apache Subversion Security
Apache Subversion Security
The Apache Software Foundation provides a framework and team of
folks for handling reports of security vulnerabilities. If you
discover a security vulnerability in Apache Subversion, please
follow the instructions found here:
To learn more about how the Subversion development team treats discovered
and reported security vulnerabilities, please visit the
Security section
of the Community Guide.
Previous Security Advisories
The following are a list of past security advisories issued by the
Subversion project.
Document
Affected Version(s)
Description
svn-sscanf-advisory.txt
1.0.0-1.0.2
Date parser buffer overflow.
CAN-2004-0413-advisory.txt
1.0.0-1.0.4
Denial of Service and Heap Overflow issue related to string parsing in svnserve
mod_authz_svn-copy-advisory.txt
1.0.0-1.0.5
mod_authz_svn exposure of unreadable paths via deep copy to readable location.
CAN-2004-0749-advisory.txt
1.0.0-1.0.7, 1.1.0-rcX
Revision metadata leakage in mod_dav_svn.
CVE-2007-2448-advisory.txt
1.0.1-1.4.3
Revision metadata leakage via 'svn prop*' commands.
CVE-2007-3846-advisory.txt
1.0.0-1.4.4
Remote file delivery and installation via path mis-handling.
CVE-2009-2411-advisory.txt
1.0.0-1.6.3
Heap Overflow in binary delta parser.
CVE-2010-3315-advisory.txt
1.5.0-1.5.7, 1.6.0-1.6.12
mod_dav_svn exposure of unreadable paths when SVNPathAuthz "short_circuit" is employed.
CVE-2010-4539
1.0.0-1.5.8, 1.6.0-1.6.13
mod_dav_svn potential crash when using SVNParentPath
CVE-2010-4644
1.5.0-1.5.8, 1.6.0-1.6.13
Server out-of-memory error caused by 'blame -g'
CVE-2011-0715-advisory.txt
1.2.0-1.5.9, 1.6.0-1.6.15
Server NULL-pointer dereference
CVE-2011-1752-advisory.txt
1.0.0-1.6.16
Server NULL-pointer dereference
CVE-2011-1783-advisory.txt
1.5.0-1.6.16
Server memory exhaustion
CVE-2011-1921-advisory.txt
1.5.0-1.6.16
mod_dav_svn exposure of unreadable paths
CVE-2013-1845-advisory.txt
1.0.0-1.6.20 and 1.7.0-1.7.8
mod_dav_svn excessive memory usage from property changes
CVE-2013-1846-advisory.txt
1.0.0-1.6.20 and 1.7.0-1.7.8
mod_dav_svn crashes on LOCK requests against activity URLs
CVE-2013-1847-advisory.txt
1.6.0-1.6.20 and 1.7.0-1.7.8
mod_dav_svn crashes on LOCK requests against non-existant URLs
CVE-2013-1849-advisory.txt
1.0.0-1.6.20 and 1.7.0-1.7.8
mod_dav_svn crashes on PROPFIND requests against activity URLs
CVE-2013-1884-advisory.txt
1.7.0-1.7.8
mod_dav_svn crashes on out of range limit in log REPORT request
CVE-2013-1968-advisory.txt
1.1.0-1.6.23 and 1.7.0-1.7.9
fsfs repositories can be corrupted by newline characters in filenames
CVE-2013-2088-advisory.txt
1.2.0-1.6.23 (see advisory)
contrib hook-scripts can allow arbitrary code execution
CVE-2013-2112-advisory.txt
1.0.0-1.6.21 and 1.7.0-1.7.9
svnserve remotely triggerable DoS
CVE-2013-4131-advisory.txt
1.6.0-1.7.10 and 1.8.0
mod_dav_svn assertion from requests against root path
CVE-2013-4246-advisory.txt
1.8.0 - 1.8.1
fsfs: corruption from editing packed revision properties
CVE-2013-4262-advisory.txt
1.8.0 - 1.8.2
admin-side tools: symlink attack against pid file
CVE-2013-4277-advisory.txt
1.4.0-1.7.12 and 1.8.0-1.8.2
svnserve: symlink attack against pid file
CVE-2013-4505-advisory.txt
1.4.0-1.7.13 and 1.8.0-1.8.4
mod_dontdothat does not restrict requests from serf based clients
CVE-2013-4558-advisory.txt
1.7.11-1.7.13 and 1.8.1-1.8.4
mod_dav_svn assertion triggered by non-canonical URLs in autoversioning commits
CVE-2014-0032-advisory.txt
1.3.0-1.7.14 and 1.8.0-1.8.5
mod_dav_svn DoS vulnerability with SVNListParentPath
CVE-2014-3522-advisory.txt
1.4.0-1.7.17 and 1.8.0-1.8.9
ra_serf improper validation of wildcards in SSL certs
CVE-2014-3528-advisory.txt
1.0.0-1.7.17 and 1.8.0-1.8.9
credentials cached with svn may be sent to wrong server
CVE-2014-3580-advisory.txt
1.0.0-1.7.18 and 1.8.0-1.8.10
mod_dav_svn DoS vulnerability with invalid REPORT requests
CVE-2014-8108-advisory.txt
1.7.0-1.7.18 and 1.8.0-1.8.10
mod_dav_svn DoS vulnerability with invalid virtual transaction names
CVE-2015-0202-advisory.txt
1.8.0-1.8.11
Subversion HTTP servers with FSFS repositories are vulnerable to a
remotely triggerable excessive memory use with certain REPORT requests
CVE-2015-0248-advisory.txt
1.6.0-1.7.19 and 1.8.0-1.8.11
Subversion mod_dav_svn and svnserve are vulnerable to a remotely triggerable
assertion DoS vulnerability for certain requests with dynamically evaluated
revision numbers
CVE-2015-0251-advisory.txt
1.5.0-1.7.19 and 1.8.0-1.8.11
Subversion HTTP servers allow spoofing svn:author property values for new revisions
CVE-2015-3184-advisory.txt
1.7.0-1.7.20 and 1.8.0-1.8.13
Subversion's mod_authz_svn does not properly restrict anonymous access in
some mixed anonymous/authenticated environments when using Apache httpd 2.4.
CVE-2015-3187-advisory.txt
1.7.0-1.7.20 and 1.8.0-1.8.13
Subversion servers, both httpd and svnserve, will reveal some paths that
should be hidden by path-based authz.
CVE-2015-5259-advisory.txt
1.9.0-1.9.2
Remotely triggerable heap overflow and out-of-bounds read caused by
integer overflow in the svn:// protocol parser.
CVE-2016-2167-advisory.txt
1.5.0-1.8.15 and 1.9.0-1.9.3
svnserve/sasl may authenticate users using the wrong realm.
CVE-2016-2168-advisory.txt
1.0.0-1.8.15 and 1.9.0-1.9.3
Remotely triggerable DoS vulnerability in mod_authz_svn during COPY/MOVE
authorization check.
CVE-2016-8734-advisory.txt
PGP
1.4.0-1.8.16 and 1.9.0-1.9.4
Unrestricted XML entity expansion in mod_dontdothat and Subversion
clients using http(s)://
sha1-advisory.txt
1.1.0-1.8.17 and 1.9.0-1.9.5
Apache Subversion is unable to store SHA1 collisions.
CVE-2017-9800-advisory.txt
PGP
1.0.0-1.8.18 and 1.9.0-1.9.6 and 1.10.0-alpha1-1.10.0-alpha3
Arbitrary code execution on clients through malicious svn+ssh URLs in
svn:externals and svn:sync-from-url
CVE-2018-11803-advisory.txt
PGP
1.10.0-1.10.3 and 1.11.0
Subversion's mod_dav_svn Apache HTTPD module will crash after dereferencing
an uninitialized pointer if the client omits the root path in a recursive
directory listing operation.
CVE-2018-11782-advisory.txt
PGP
1.9.0-1.9.10, 1.10.0-1.10.4, 1.11.0-1.11.1, 1.12.0
Remotely triggerable DoS vulnerability in svnserve 'get-deleted-rev'.
CVE-2019-0203-advisory.txt
PGP
1.9.0-1.9.10, 1.10.0-1.10.4, 1.11.0-1.11.1, 1.12.0
Remote unauthenticated denial-of-service in Subversion svnserve.
CVE-2020-17525-advisory.txt
PGP
1.9.0-1.9.10, 1.10.0-1.10.6, 1.11.0-1.11.1, 1.12.0-1.12.2, 1.13.0, 1.14.0
Remote unauthenticated denial-of-service in mod_authz_svn.
CVE-2021-28544-advisory.txt
PGP
1.10.0-1.10.7, 1.14.0-1.14.1
SVN authz protected copyfrom paths regression
CVE-2022-24070-advisory.txt
PGP
1.10.0-1.10.7, 1.14.0-1.14.1
mod_dav_svn is vulnerable to memory corruption
CVE-2024-45720-advisory.txt
PGP
1.0.0-1.10.8, 1.14.0-1.14.3
Subversion command line argument injection on Windows platforms
CVE-2024-46901-advisory.txt
PGP
1.0.0-1.14.4
mod_dav_svn denial-of-service via control characters in paths
US