{"id":"UBUNTU-CVE-2015-5343","details":"Integer overflow in util.c in mod_dav_svn in Apache Subversion 1.7.x, 1.8.x before 1.8.15, and 1.9.x before 1.9.3 allows remote authenticated users to cause a denial of service (subversion server crash or memory consumption) and possibly execute arbitrary code via a skel-encoded request body, which triggers an out-of-bounds read and heap-based buffer overflow.","modified":"2025-09-08T16:43:25Z","published":"2015-12-15T00:00:00Z","upstream":["CVE-2015-5343"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-5343"},{"type":"REPORT","url":"https://subversion.apache.org/security/CVE-2015-5343-advisory.txt"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2015-5343"}],"affected":[{"package":{"name":"subversion","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/subversion@1.8.8-1ubuntu3.3?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.8.8-1ubuntu3.3"}]}],"versions":["1.7.9-1+nmu6ubuntu3","1.7.13-2ubuntu1","1.7.13-2ubuntu2","1.7.13-2ubuntu3","1.7.14-1ubuntu2","1.8.5-2ubuntu3","1.8.8-1ubuntu2","1.8.8-1ubuntu3","1.8.8-1ubuntu3.1","1.8.8-1ubuntu3.2"],"ecosystem_specific":{"binaries":[{"binary_version":"1.8.8-1ubuntu3.3","binary_name":"libapache2-mod-svn"},{"binary_version":"1.8.8-1ubuntu3.3","binary_name":"libapache2-svn"},{"binary_version":"1.8.8-1ubuntu3.3","binary_name":"libsvn-dev"},{"binary_version":"1.8.8-1ubuntu3.3","binary_name":"libsvn-java"},{"binary_version":"1.8.8-1ubuntu3.3","binary_name":"libsvn-perl"},{"binary_version":"1.8.8-1ubuntu3.3","binary_name":"libsvn-ruby1.8"},{"binary_version":"1.8.8-1ubuntu3.3","binary_name":"libsvn1"},{"binary_version":"1.8.8-1ubuntu3.3","binary_name":"python-subversion"},{"binary_version":"1.8.8-1ubuntu3.3","binary_name":"ruby-svn"},{"binary_version":"1.8.8-1ubuntu3.3","binary_name":"subversion"},{"binary_version":"1.8.8-1ubuntu3.3","binary_name":"subversion-tools"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2015/UBUNTU-CVE-2015-5343.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"},{"type":"Ubuntu","score":"medium"}]}