{"id":"CVE-2022-24070","details":"Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not affected.","aliases":["BIT-subversion-2022-24070"],"modified":"2026-04-02T07:49:40.911979Z","published":"2022-04-12T18:15:09.137Z","related":["ALSA-2022:2234","MGASA-2022-0140","SUSE-SU-2022:1161-1","SUSE-SU-2022:1162-1","SUSE-SU-2022:1483-1","openSUSE-SU-2024:12007-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PZ4ARNGLMGYBKYDX2B7DRBNMF6EH3A6R/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJPMCWCGWBN3QWCDVILWQWPC75RR67LT/"},{"type":"ADVISORY","url":"https://cwiki.apache.org/confluence/display/HTTPD/ModuleLife"},{"type":"ADVISORY","url":"https://support.apple.com/kb/HT213345"},{"type":"ADVISORY","url":"https://www.debian.org/security/2022/dsa-5119"},{"type":"ADVISORY","url":"http://seclists.org/fulldisclosure/2022/Jul/18"},{"type":"REPORT","url":"https://bz.apache.org/bugzilla/show_bug.cgi?id=65861"},{"type":"REPORT","url":"https://issues.apache.org/jira/browse/SVN-4880"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/subversion","events":[{"introduced":"2872254e96ee2eb1dbb6f8bc44134e08380bb20b"},{"fixed":"f309de7c1d9275d13b67c3a7d0b59b2a0e7c4e84"},{"introduced":"dd8c950e6f3c3afaab34b14d479087c4621d6ae8"},{"fixed":"412ed3c1c063faef9e00de4d33193fc47d56e494"}],"database_specific":{"versions":[{"introduced":"1.10.0"},{"fixed":"1.10.8"},{"introduced":"1.14.0"},{"fixed":"1.14.2"}]}}],"versions":["1.10.0","1.14.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-24070.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"10.0"}]},{"events":[{"introduced":"0"},{"last_affected":"11.0"}]},{"events":[{"introduced":"0"},{"last_affected":"35"}]},{"events":[{"introduced":"0"},{"last_affected":"36"}]},{"events":[{"introduced":"12.0"},{"fixed":"12.5"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}