![[S] Subversion](/images/svn-name-banner.svg)
The Apache Software Foundation provides a framework and team of folks for handling reports of security vulnerabilities. If you discover a security vulnerability in Apache Subversion, please follow the instructions found here:
To learn more about how the Subversion development team treats discovered and reported security vulnerabilities, please visit the Security section of the Community Guide.
The following are a list of past security advisories issued by the Subversion project.
| Document | Affected Version(s) | Description |
|---|---|---|
| svn-sscanf-advisory.txt | 1.0.0-1.0.2 | Date parser buffer overflow. |
| CAN-2004-0413-advisory.txt | 1.0.0-1.0.4 | Denial of Service and Heap Overflow issue related to string parsing in svnserve |
| mod_authz_svn-copy-advisory.txt | 1.0.0-1.0.5 | mod_authz_svn exposure of unreadable paths via deep copy to readable location. |
| CAN-2004-0749-advisory.txt | 1.0.0-1.0.7, 1.1.0-rcX | Revision metadata leakage in mod_dav_svn. |
| CVE-2007-2448-advisory.txt | 1.0.1-1.4.3 | Revision metadata leakage via 'svn prop*' commands. |
| CVE-2007-3846-advisory.txt | 1.0.0-1.4.4 | Remote file delivery and installation via path mis-handling. |
| CVE-2009-2411-advisory.txt | 1.0.0-1.6.3 | Heap Overflow in binary delta parser. |
| CVE-2010-3315-advisory.txt | 1.5.0-1.5.7, 1.6.0-1.6.12 | mod_dav_svn exposure of unreadable paths when SVNPathAuthz "short_circuit" is employed. |
| CVE-2010-4539 | 1.0.0-1.5.8, 1.6.0-1.6.13 | mod_dav_svn potential crash when using SVNParentPath |
| CVE-2010-4644 | 1.5.0-1.5.8, 1.6.0-1.6.13 | Server out-of-memory error caused by 'blame -g' |
| CVE-2011-0715-advisory.txt | 1.2.0-1.5.9, 1.6.0-1.6.15 | Server NULL-pointer dereference |
| CVE-2011-1752-advisory.txt | 1.0.0-1.6.16 | Server NULL-pointer dereference |
| CVE-2011-1783-advisory.txt | 1.5.0-1.6.16 | Server memory exhaustion |
| CVE-2011-1921-advisory.txt | 1.5.0-1.6.16 | mod_dav_svn exposure of unreadable paths |
| CVE-2013-1845-advisory.txt | 1.0.0-1.6.20 and 1.7.0-1.7.8 | mod_dav_svn excessive memory usage from property changes |
| CVE-2013-1846-advisory.txt | 1.0.0-1.6.20 and 1.7.0-1.7.8 | mod_dav_svn crashes on LOCK requests against activity URLs |
| CVE-2013-1847-advisory.txt | 1.6.0-1.6.20 and 1.7.0-1.7.8 | mod_dav_svn crashes on LOCK requests against non-existant URLs |
| CVE-2013-1849-advisory.txt | 1.0.0-1.6.20 and 1.7.0-1.7.8 | mod_dav_svn crashes on PROPFIND requests against activity URLs |
| CVE-2013-1884-advisory.txt | 1.7.0-1.7.8 | mod_dav_svn crashes on out of range limit in log REPORT request |
| CVE-2013-1968-advisory.txt | 1.1.0-1.6.23 and 1.7.0-1.7.9 | fsfs repositories can be corrupted by newline characters in filenames |
| CVE-2013-2088-advisory.txt | 1.2.0-1.6.23 (see advisory) | contrib hook-scripts can allow arbitrary code execution |
| CVE-2013-2112-advisory.txt | 1.0.0-1.6.21 and 1.7.0-1.7.9 | svnserve remotely triggerable DoS |
| CVE-2013-4131-advisory.txt | 1.6.0-1.7.10 and 1.8.0 | mod_dav_svn assertion from requests against root path |
| CVE-2013-4246-advisory.txt | 1.8.0 - 1.8.1 | fsfs: corruption from editing packed revision properties |
| CVE-2013-4262-advisory.txt | 1.8.0 - 1.8.2 | admin-side tools: symlink attack against pid file |
| CVE-2013-4277-advisory.txt | 1.4.0-1.7.12 and 1.8.0-1.8.2 | svnserve: symlink attack against pid file |
| CVE-2013-4505-advisory.txt | 1.4.0-1.7.13 and 1.8.0-1.8.4 | mod_dontdothat does not restrict requests from serf based clients |
| CVE-2013-4558-advisory.txt | 1.7.11-1.7.13 and 1.8.1-1.8.4 | mod_dav_svn assertion triggered by non-canonical URLs in autoversioning commits |
| CVE-2014-0032-advisory.txt | 1.3.0-1.7.14 and 1.8.0-1.8.5 | mod_dav_svn DoS vulnerability with SVNListParentPath |
| CVE-2014-3522-advisory.txt | 1.4.0-1.7.17 and 1.8.0-1.8.9 | ra_serf improper validation of wildcards in SSL certs |
| CVE-2014-3528-advisory.txt | 1.0.0-1.7.17 and 1.8.0-1.8.9 | credentials cached with svn may be sent to wrong server |
| CVE-2014-3580-advisory.txt | 1.0.0-1.7.18 and 1.8.0-1.8.10 | mod_dav_svn DoS vulnerability with invalid REPORT requests |
| CVE-2014-8108-advisory.txt | 1.7.0-1.7.18 and 1.8.0-1.8.10 | mod_dav_svn DoS vulnerability with invalid virtual transaction names |
| CVE-2015-0202-advisory.txt | 1.8.0-1.8.11 | Subversion HTTP servers with FSFS repositories are vulnerable to a remotely triggerable excessive memory use with certain REPORT requests |
| CVE-2015-0248-advisory.txt | 1.6.0-1.7.19 and 1.8.0-1.8.11 | Subversion mod_dav_svn and svnserve are vulnerable to a remotely triggerable assertion DoS vulnerability for certain requests with dynamically evaluated revision numbers |
| CVE-2015-0251-advisory.txt | 1.5.0-1.7.19 and 1.8.0-1.8.11 | Subversion HTTP servers allow spoofing svn:author property values for new revisions |
| CVE-2015-3184-advisory.txt | 1.7.0-1.7.20 and 1.8.0-1.8.13 | Subversion's mod_authz_svn does not properly restrict anonymous access in some mixed anonymous/authenticated environments when using Apache httpd 2.4. |
| CVE-2015-3187-advisory.txt | 1.7.0-1.7.20 and 1.8.0-1.8.13 | Subversion servers, both httpd and svnserve, will reveal some paths that should be hidden by path-based authz. |
| CVE-2015-5259-advisory.txt | 1.9.0-1.9.2 | Remotely triggerable heap overflow and out-of-bounds read caused by integer overflow in the svn:// protocol parser. |
| CVE-2016-2167-advisory.txt | 1.5.0-1.8.15 and 1.9.0-1.9.3 | svnserve/sasl may authenticate users using the wrong realm. |
| CVE-2016-2168-advisory.txt | 1.0.0-1.8.15 and 1.9.0-1.9.3 | Remotely triggerable DoS vulnerability in mod_authz_svn during COPY/MOVE authorization check. |
| CVE-2016-8734-advisory.txt [PGP] | 1.4.0-1.8.16 and 1.9.0-1.9.4 | Unrestricted XML entity expansion in mod_dontdothat and Subversion clients using http(s):// |
| sha1-advisory.txt | 1.1.0-1.8.17 and 1.9.0-1.9.5 | Apache Subversion is unable to store SHA1 collisions. |
| CVE-2017-9800-advisory.txt [PGP] | 1.0.0-1.8.18 and 1.9.0-1.9.6 and 1.10.0-alpha1-1.10.0-alpha3 | Arbitrary code execution on clients through malicious svn+ssh URLs in svn:externals and svn:sync-from-url |
| CVE-2018-11803-advisory.txt [PGP] | 1.10.0-1.10.3 and 1.11.0 | Subversion's mod_dav_svn Apache HTTPD module will crash after dereferencing an uninitialized pointer if the client omits the root path in a recursive directory listing operation. |
| CVE-2018-11782-advisory.txt [PGP] | 1.9.0-1.9.10, 1.10.0-1.10.4, 1.11.0-1.11.1, 1.12.0 | Remotely triggerable DoS vulnerability in svnserve 'get-deleted-rev'. |
| CVE-2019-0203-advisory.txt [PGP] | 1.9.0-1.9.10, 1.10.0-1.10.4, 1.11.0-1.11.1, 1.12.0 | Remote unauthenticated denial-of-service in Subversion svnserve. |
| CVE-2020-17525-advisory.txt [PGP] | 1.9.0-1.9.10, 1.10.0-1.10.6, 1.11.0-1.11.1, 1.12.0-1.12.2, 1.13.0, 1.14.0 | Remote unauthenticated denial-of-service in mod_authz_svn. |
| CVE-2021-28544-advisory.txt [PGP] | 1.10.0-1.10.7, 1.14.0-1.14.1 | SVN authz protected copyfrom paths regression |
| CVE-2022-24070-advisory.txt [PGP] | 1.10.0-1.10.7, 1.14.0-1.14.1 | mod_dav_svn is vulnerable to memory corruption |