CVE-2022-24070

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-24070

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-24070.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-24070

Aliases

BIT-subversion-2022-24070

Downstream

ALPINE-CVE-2022-24070

DEBIAN-CVE-2022-24070

DSA-5119-1

OESA-2022-1647

RHSA-2022:2222

RHSA-2022:2234

RHSA-2022:2236

RHSA-2022:2237

RHSA-2022:4591

RHSA-2022:4722

RHSA-2022:4941

RLSA-2022:4591

SUSE-SU-2022:1161-1

SUSE-SU-2022:1162-1

SUSE-SU-2022:1483-1

UBUNTU-CVE-2022-24070

USN-5372-1

USN-5450-1

openSUSE-SU-2024:12007-1

Related

Published

2022-04-12T18:15:09Z

Modified

2025-10-21T02:36:39Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

Subversion's moddavsvn is vulnerable to memory corruption. While looking up path-based authorization rules, moddavsvn servers may attempt to use memory which has already been freed. Affected Subversion moddavsvn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use moddavsvn are not affected.

References

Affected packages

Git / github.com/apache/subversion

Affected ranges

Type: GIT
Repo: https://github.com/apache/subversion
Events: Introduced

2872254e96ee2eb1dbb6f8bc44134e08380bb20b

Fixed

f309de7c1d9275d13b67c3a7d0b59b2a0e7c4e84