FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2010-4644

This CVE name corresponds to:

Entered: 2011-01-13
Topic: subversion -- multiple DoS

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type: Candidate
Name: CVE-2010-4644
Phase: Assigned (20110103)

Description

Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.

References

Source Reference
MLIST [dev] 20101104 "svn blame -g" causing svnserve to hang & mem usage to hit 2GB
MLIST [oss-security] 20110102 CVE request for subversion
MLIST [oss-security] 20110104 Re: CVE request for subversion
MLIST [oss-security] 20110104 Re: CVE request for subversion
MLIST [oss-security] 20110105 Re: CVE request for subversion
MLIST [subversion-users] 20101104 svnserve.exe (Win32) using 2GB of memory and then crashing?
MLIST [www-announce] 20101124 Apache Subversion 1.6.15 Released
CONFIRM http://svn.apache.org/repos/asf/subversion/tags/1.6.15/CHANGES
CONFIRM http://svn.apache.org/viewvc?view=revision&revision=1032808
FEDORA FEDORA-2011-0099
MANDRIVA MDVSA-2011:006
REDHAT RHSA-2011:0257
REDHAT RHSA-2011:0258
SUSE SUSE-SR:2011:005
UBUNTU USN-1053-1
BID 45655
SECTRACK 1024935
SECUNIA 42780
SECUNIA 42969
SECUNIA 43139
SECUNIA 43115
SECUNIA 43346
VUPEN ADV-2011-0015
VUPEN ADV-2011-0103
VUPEN ADV-2011-0162
VUPEN ADV-2011-0264
XF subversion-blameg-dos(64473)