CVE-2022-24070

CVE-2022-24070: Apache Subversion mod_dav_svn is vulnerable to memory corruption

Vendor Apache Software Foundation

Product Apache Subversion

Weakness CWE-416

Published April 12, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not affected.

Key dates

Disclosure timeline

April 12, 2022 CVE published

August 3, 2024 Record updated