Apache Software Foundation
[S] Subversion

Apache Subversion Security

The Apache Software Foundation provides a framework and team of folks for handling reports of security vulnerabilities. If you discover a security vulnerability in Apache Subversion, please follow the instructions found here:

http://www.apache.org/security/

To learn more about how the Subversion development team treats discovered and reported security vulnerabilities, please visit the Security section of the Community Guide.

Previous Security Advisories

The following are a list of past security advisories issued by the Subversion project.

Document Affected Version(s) Description
svn-sscanf-advisory.txt 1.0.0-1.0.2 Date parser buffer overflow.
CAN-2004-0413-advisory.txt 1.0.0-1.0.4 Denial of Service and Heap Overflow issue related to string parsing in svnserve
mod_authz_svn-copy-advisory.txt 1.0.0-1.0.5 mod_authz_svn exposure of unreadable paths via deep copy to readable location.
CAN-2004-0749-advisory.txt 1.0.0-1.0.7, 1.1.0-rcX Revision metadata leakage in mod_dav_svn.
CVE-2007-2448-advisory.txt 1.0.1-1.4.3 Revision metadata leakage via 'svn prop*' commands.
CVE-2007-3846-advisory.txt 1.0.0-1.4.4 Remote file delivery and installation via path mis-handling.
CVE-2009-2411-advisory.txt 1.0.0-1.6.3 Heap Overflow in binary delta parser.
CVE-2010-3315-advisory.txt 1.5.0-1.5.7, 1.6.0-1.6.12 mod_dav_svn exposure of unreadable paths when SVNPathAuthz "short_circuit" is employed.
CVE-2010-4539 1.0.0-1.5.8, 1.6.0-1.6.13 mod_dav_svn potential crash when using SVNParentPath
CVE-2010-4644 1.5.0-1.5.8, 1.6.0-1.6.13 Server out-of-memory error caused by 'blame -g'
CVE-2011-0715-advisory.txt 1.2.0-1.5.9, 1.6.0-1.6.15 Server NULL-pointer dereference
CVE-2011-1752-advisory.txt 1.0.0-1.6.16 Server NULL-pointer dereference
CVE-2011-1783-advisory.txt 1.5.0-1.6.16 Server memory exhaustion
CVE-2011-1921-advisory.txt 1.5.0-1.6.16 mod_dav_svn exposure of unreadable paths
CVE-2013-1845-advisory.txt 1.0.0-1.6.20 and 1.7.0-1.7.8 mod_dav_svn excessive memory usage from property changes
CVE-2013-1846-advisory.txt 1.0.0-1.6.20 and 1.7.0-1.7.8 mod_dav_svn crashes on LOCK requests against activity URLs
CVE-2013-1847-advisory.txt 1.6.0-1.6.20 and 1.7.0-1.7.8 mod_dav_svn crashes on LOCK requests against non-existant URLs
CVE-2013-1849-advisory.txt 1.0.0-1.6.20 and 1.7.0-1.7.8 mod_dav_svn crashes on PROPFIND requests against activity URLs
CVE-2013-1884-advisory.txt 1.7.0-1.7.8 mod_dav_svn crashes on out of range limit in log REPORT request
CVE-2013-1968-advisory.txt 1.1.0-1.6.23 and 1.7.0-1.7.9 fsfs repositories can be corrupted by newline characters in filenames
CVE-2013-2088-advisory.txt 1.2.0-1.6.23 tarballs and repository revisions until r1485487 on /branches/1.7.x and /branches/1.8.x and subversion tags through 1.7.10 (Note: We do not ship the contrib directory in our tarballs from 1.7.0 on) contrib hook-scripts can allow arbitrary code execution
CVE-2013-2112-advisory.txt 1.0.0-1.6.21 and 1.7.0-1.7.9 svnserve remotely triggerable DoS
CVE-2013-4131-advisory.txt 1.6.0-1.7.10 and 1.8.0 mod_dav_svn assertion from requests against root path
CVE-2013-4246-advisory.txt 1.8.0 - 1.8.1 fsfs: corruption from editing packed revision properties
CVE-2013-4262-advisory.txt 1.8.0 - 1.8.2 admin-side tools: symlink attack against pid file
CVE-2013-4277-advisory.txt 1.4.0-1.7.12 and 1.8.0-1.8.2 svnserve: symlink attack against pid file
CVE-2013-4505-advisory.txt 1.4.0-1.7.13 and 1.8.0-1.8.4 mod_dontdothat does not restrict requests from serf based clients
CVE-2013-4558-advisory.txt 1.7.11-1.7.13 and 1.8.1-1.8.4 mod_dav_svn assertion triggered by non-canonical URLs in autoversioning commits
CVE-2014-0032-advisory.txt 1.3.0-1.7.14 and 1.8.0-1.8.5 mod_dav_svn DoS vulnerability with SVNListParentPath