Subversions mod_authz_svn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL. This can lead to disruption for users of the service. This issue was fixed in mod_dav_svn+mod_authz_svn servers 1.14.1 and mod_dav_svn+mod_authz_svn servers 1.10.7
Weakness
The product dereferences a pointer that it expects to be valid but is NULL.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Subversion | Apache | 1.9.0 (including) | 1.10.7 (excluding) |
| Subversion | Apache | 1.11.0 (including) | 1.14.1 (excluding) |
| Red Hat Enterprise Linux 8 | RedHat | subversion:1.10-8030020210210135829.4035eae3 | * |
| Red Hat Enterprise Linux 8.1 Extended Update Support | RedHat | subversion:1.10-8010020210211092435.fa3af259 | * |
| Red Hat Enterprise Linux 8.2 Extended Update Support | RedHat | subversion:1.10-8020020210211092052.f2093e77 | * |
| Subversion | Ubuntu | bionic | * |
| Subversion | Ubuntu | esm-apps/bionic | * |
| Subversion | Ubuntu | esm-apps/focal | * |
| Subversion | Ubuntu | esm-infra/xenial | * |
| Subversion | Ubuntu | focal | * |
| Subversion | Ubuntu | groovy | * |
| Subversion | Ubuntu | trusty | * |
| Subversion | Ubuntu | upstream | * |
| Subversion | Ubuntu | xenial | * |