Details of VAR-202204-0432

ID

VAR-202204-0432

CVE

CVE-2022-24070

TITLE

Subversion of mod_dav_svn Vulnerability in using free memory in

Trust: 0.8

sources: JVNDB: JVNDB-2022-009515

DESCRIPTION

Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not affected. Subversion of mod_dav_svn Exists in a vulnerability related to the use of freed memory.Service operation interruption (DoS) It may be in a state. Apache Subversion is an open source version control system of the Apache Foundation. The system is compatible with the Concurrent Versions System (CVS). Apache Subversion has a resource management error vulnerability that stems from a use-after-free bug in mod_dav_svn. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: subversion:1.10 security update Advisory ID: RHSA-2022:2237-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:2237 Issue date: 2022-05-12 CVE Names: CVE-2022-24070 ==================================================================== 1. Summary: An update for the subversion:1.10 module is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream E4S (v. 8.1) - aarch64, noarch, ppc64le, s390x, x86_64 3. Description: Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Security Fix(es): * subversion: Subversion's mod_dav_svn is vulnerable to memory corruption (CVE-2022-24070) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the updated packages, for the update to take effect, you must restart the httpd daemon, if you are using mod_dav_svn, and the svnserve daemon, if you are serving Subversion repositories via the svn:// protocol. 5. Package List: Red Hat Enterprise Linux AppStream E4S (v. 8.1): Source: libserf-1.3.9-9.module+el8.1.0+9889+0a9c19c4.src.rpm subversion-1.10.2-3.module+el8.1.0+15169+c14f14c4.src.rpm utf8proc-2.1.1-5.module+el8.1.0+9889+0a9c19c4.src.rpm aarch64: libserf-1.3.9-9.module+el8.1.0+9889+0a9c19c4.aarch64.rpm libserf-debuginfo-1.3.9-9.module+el8.1.0+9889+0a9c19c4.aarch64.rpm libserf-debugsource-1.3.9-9.module+el8.1.0+9889+0a9c19c4.aarch64.rpm mod_dav_svn-1.10.2-3.module+el8.1.0+15169+c14f14c4.aarch64.rpm mod_dav_svn-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.aarch64.rpm subversion-1.10.2-3.module+el8.1.0+15169+c14f14c4.aarch64.rpm subversion-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.aarch64.rpm subversion-debugsource-1.10.2-3.module+el8.1.0+15169+c14f14c4.aarch64.rpm subversion-devel-1.10.2-3.module+el8.1.0+15169+c14f14c4.aarch64.rpm subversion-devel-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.aarch64.rpm subversion-gnome-1.10.2-3.module+el8.1.0+15169+c14f14c4.aarch64.rpm subversion-gnome-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.aarch64.rpm subversion-libs-1.10.2-3.module+el8.1.0+15169+c14f14c4.aarch64.rpm subversion-libs-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.aarch64.rpm subversion-perl-1.10.2-3.module+el8.1.0+15169+c14f14c4.aarch64.rpm subversion-perl-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.aarch64.rpm subversion-tools-1.10.2-3.module+el8.1.0+15169+c14f14c4.aarch64.rpm subversion-tools-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.aarch64.rpm utf8proc-2.1.1-5.module+el8.1.0+9889+0a9c19c4.aarch64.rpm utf8proc-debuginfo-2.1.1-5.module+el8.1.0+9889+0a9c19c4.aarch64.rpm utf8proc-debugsource-2.1.1-5.module+el8.1.0+9889+0a9c19c4.aarch64.rpm noarch: subversion-javahl-1.10.2-3.module+el8.1.0+15169+c14f14c4.noarch.rpm ppc64le: libserf-1.3.9-9.module+el8.1.0+9889+0a9c19c4.ppc64le.rpm libserf-debuginfo-1.3.9-9.module+el8.1.0+9889+0a9c19c4.ppc64le.rpm libserf-debugsource-1.3.9-9.module+el8.1.0+9889+0a9c19c4.ppc64le.rpm mod_dav_svn-1.10.2-3.module+el8.1.0+15169+c14f14c4.ppc64le.rpm mod_dav_svn-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.ppc64le.rpm subversion-1.10.2-3.module+el8.1.0+15169+c14f14c4.ppc64le.rpm subversion-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.ppc64le.rpm subversion-debugsource-1.10.2-3.module+el8.1.0+15169+c14f14c4.ppc64le.rpm subversion-devel-1.10.2-3.module+el8.1.0+15169+c14f14c4.ppc64le.rpm subversion-devel-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.ppc64le.rpm subversion-gnome-1.10.2-3.module+el8.1.0+15169+c14f14c4.ppc64le.rpm subversion-gnome-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.ppc64le.rpm subversion-libs-1.10.2-3.module+el8.1.0+15169+c14f14c4.ppc64le.rpm subversion-libs-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.ppc64le.rpm subversion-perl-1.10.2-3.module+el8.1.0+15169+c14f14c4.ppc64le.rpm subversion-perl-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.ppc64le.rpm subversion-tools-1.10.2-3.module+el8.1.0+15169+c14f14c4.ppc64le.rpm subversion-tools-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.ppc64le.rpm utf8proc-2.1.1-5.module+el8.1.0+9889+0a9c19c4.ppc64le.rpm utf8proc-debuginfo-2.1.1-5.module+el8.1.0+9889+0a9c19c4.ppc64le.rpm utf8proc-debugsource-2.1.1-5.module+el8.1.0+9889+0a9c19c4.ppc64le.rpm s390x: libserf-1.3.9-9.module+el8.1.0+9889+0a9c19c4.s390x.rpm libserf-debuginfo-1.3.9-9.module+el8.1.0+9889+0a9c19c4.s390x.rpm libserf-debugsource-1.3.9-9.module+el8.1.0+9889+0a9c19c4.s390x.rpm mod_dav_svn-1.10.2-3.module+el8.1.0+15169+c14f14c4.s390x.rpm mod_dav_svn-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.s390x.rpm subversion-1.10.2-3.module+el8.1.0+15169+c14f14c4.s390x.rpm subversion-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.s390x.rpm subversion-debugsource-1.10.2-3.module+el8.1.0+15169+c14f14c4.s390x.rpm subversion-devel-1.10.2-3.module+el8.1.0+15169+c14f14c4.s390x.rpm subversion-devel-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.s390x.rpm subversion-gnome-1.10.2-3.module+el8.1.0+15169+c14f14c4.s390x.rpm subversion-gnome-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.s390x.rpm subversion-libs-1.10.2-3.module+el8.1.0+15169+c14f14c4.s390x.rpm subversion-libs-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.s390x.rpm subversion-perl-1.10.2-3.module+el8.1.0+15169+c14f14c4.s390x.rpm subversion-perl-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.s390x.rpm subversion-tools-1.10.2-3.module+el8.1.0+15169+c14f14c4.s390x.rpm subversion-tools-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.s390x.rpm utf8proc-2.1.1-5.module+el8.1.0+9889+0a9c19c4.s390x.rpm utf8proc-debuginfo-2.1.1-5.module+el8.1.0+9889+0a9c19c4.s390x.rpm utf8proc-debugsource-2.1.1-5.module+el8.1.0+9889+0a9c19c4.s390x.rpm x86_64: libserf-1.3.9-9.module+el8.1.0+9889+0a9c19c4.x86_64.rpm libserf-debuginfo-1.3.9-9.module+el8.1.0+9889+0a9c19c4.x86_64.rpm libserf-debugsource-1.3.9-9.module+el8.1.0+9889+0a9c19c4.x86_64.rpm mod_dav_svn-1.10.2-3.module+el8.1.0+15169+c14f14c4.x86_64.rpm mod_dav_svn-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.x86_64.rpm subversion-1.10.2-3.module+el8.1.0+15169+c14f14c4.x86_64.rpm subversion-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.x86_64.rpm subversion-debugsource-1.10.2-3.module+el8.1.0+15169+c14f14c4.x86_64.rpm subversion-devel-1.10.2-3.module+el8.1.0+15169+c14f14c4.x86_64.rpm subversion-devel-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.x86_64.rpm subversion-gnome-1.10.2-3.module+el8.1.0+15169+c14f14c4.x86_64.rpm subversion-gnome-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.x86_64.rpm subversion-libs-1.10.2-3.module+el8.1.0+15169+c14f14c4.x86_64.rpm subversion-libs-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.x86_64.rpm subversion-perl-1.10.2-3.module+el8.1.0+15169+c14f14c4.x86_64.rpm subversion-perl-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.x86_64.rpm subversion-tools-1.10.2-3.module+el8.1.0+15169+c14f14c4.x86_64.rpm subversion-tools-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.x86_64.rpm utf8proc-2.1.1-5.module+el8.1.0+9889+0a9c19c4.x86_64.rpm utf8proc-debuginfo-2.1.1-5.module+el8.1.0+9889+0a9c19c4.x86_64.rpm utf8proc-debugsource-2.1.1-5.module+el8.1.0+9889+0a9c19c4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-24070 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYn0zB9zjgjWX9erEAQhxeBAApdAY7v0pWKOaHrwL/jyDtl4vOUJIkNqJ eGGAh0Hkqx0C7EyRdcK/Be4sA4hf/p3nCoNM3j4t5x4tp68Em+Pca3xvI8JB1ZaP Xth05R+H4JtF/P0dZAqFFE6bz1NXtSZFDi9dYdDO61+Rvwzh3rjkk7Y6s0wLqv8U rbHmdeMTSv29Xts3p+jaERyOArehFGbu/O5baTpzxPgFB+4PT8kn/cD388kFT4yq /vVYQd1P1F7YIUvpDUJZ3hd0xD+eSdIspj2E993A8ZYmcs+/Vlls9ZqRrh1PECsH ob43yPoQZviiR/Cf8rVOn0z1B8wMHBerIFSirnop3TI3bh13HXC1m1u4p8PuJo3r g15PAwMObhFY2Lng8/rYHIFSVtG3Kq2BpvxE1YlhiKaXN05uuXm6LJwdp1/d/Zyn WZ9e3Qz6P+9FQipa1VJOXywuQd+7z6LGlauVOFSE1ygZD5sz4emChrazDzsulSVa AjqqspxG/vsP2M2Uv24oH1U7X+znKjsgVHipG1vOFx36forA15C4w1zVFDUOyBA3 i9/epfF0UZBf1mXvFivko8VlXHlOMSdb7hvKGxzCh5sMmf0DwPcBCNhoduPV+hTJ YNb659CEKyanABykQVoeSGMyNRkiIN0cY0zqNvuJ+BqcWJlXXChfbqquDtrcEfp9 4b1VTFMy6Kk=8/Kr -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . CVE-2022-24070 Thomas Weissschuh reported that Subversion's mod_dav_svn is prone to a use-after-free vulnerability when looking up path-based authorization rules, which can result in denial of service (crash of HTTPD worker handling the request). For the oldstable distribution (buster), these problems have been fixed in version 1.10.4-1+deb10u3. For the stable distribution (bullseye), these problems have been fixed in version 1.14.1-3+deb11u1. We recommend that you upgrade your subversion packages. For the detailed security status of subversion please refer to its security tracker page at: https://security-tracker.debian.org/tracker/subversion Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmJWT8RfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0T5nA//cNwSe776flBf6n4X6Lo6zctM1q4ZNsY0dzr1lV9TpOOg4SlA/esb6gDa 9b/Ty+FwOg3T3vdw0HU2rqFTFimb6I+/gM3ly1XOvtqHXj6av4caDtAPk7wyNOdk Pi4kzd2bISM6rZUqQDGFstMrNk5a+N7TajIT+7UAO7Ar85IDwvke269TsYxEZtka gjUNRc7J2FXY9QHd47DnD2CK3CGix+t4tKGJVdeHx1zGb/73vSRki0RnwNpAbr2h wvzj+W9Hx92Nh1GCNoYv3b7oyxjPBerI/v4QrYu2EnPYaV8oLW0JPc4JYf0YPQrR R/RNhydAzOqFzy05rMCq9WZHwH++fBhJmWctA/LfOJYO+Lrj6HI17D4gPJraofcZ Jjcb7j156fY7FGclrPDuavOe2GmcylxUmUiwu1eL6PYZ/QAcdbbaw8nf1V1f9cDj tzTAAIKdRtsCtkC9WYSz/H5+UckJ8XYK3+nxRIblIsHHgk8ICOO5mWEIzEbqzGad NKwysuNBSFqUQCLMADf0fZTxHts6DF8Sj3yjVaDfCrVqTY+Qk8yTl97dnAxflI3W HX7ees+yLmHF46P7gskWy0YLSPXmqRkSagpA60AT+DekLpXL+pIBgFN+bgtndr4i fNAhsxLlmPZ9EVzVbfHT5J3ULRXdi1vwHiXXjuJBKkwNLybCu60= =Bytg -----END PGP SIGNATURE----- . ========================================================================== Ubuntu Security Notice USN-5450-1 May 27, 2022 subversion vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS Summary: Several security issues were fixed in subversion. Software Description: - subversion: Advanced version control system Details: Evgeny Kotkov discovered that subversion servers did not properly follow path-based authorization rules in certain cases. An attacker could potentially use this issue to retrieve information about private paths. (CVE-2021-28544) Thomas Weißschuh discovered that subversion servers did not properly handle memory in certain configurations. A remote attacker could potentially use this issue to cause a denial of service or other unspecified impact. (CVE-2022-24070) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS: libapache2-mod-svn 1.14.1-3ubuntu0.22.04.1 libsvn1 1.14.1-3ubuntu0.22.04.1 subversion 1.14.1-3ubuntu0.22.04.1 In general, a standard system update will make all the necessary changes. 9) - aarch64, ppc64le, s390x, x86_64 3

Trust: 2.43

sources: NVD: CVE-2022-24070 // JVNDB: JVNDB-2022-009515 // VULHUB: VHN-413621 // VULMON: CVE-2022-24070 // PACKETSTORM: 167159 // PACKETSTORM: 167455 // PACKETSTORM: 167158 // PACKETSTORM: 169362 // PACKETSTORM: 167280 // PACKETSTORM: 167165 // PACKETSTORM: 167374

AFFECTED PRODUCTS

vendor:	apple	model:	macos	scope:	gte	version:	12.0	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	10.0	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	36	Trust: 1.0
vendor:	apache	model:	subversion	scope:	gte	version:	1.10.0	Trust: 1.0
vendor:	apache	model:	subversion	scope:	lt	version:	1.10.8	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	35	Trust: 1.0
vendor:	apache	model:	subversion	scope:	lt	version:	1.14.2	Trust: 1.0
vendor:	apple	model:	macos	scope:	lt	version:	12.5	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	11.0	Trust: 1.0
vendor:	apache	model:	subversion	scope:	gte	version:	1.14.0	Trust: 1.0
vendor:	fedora	model:	fedora	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	macos	scope:	-	version:	-	Trust: 0.8
vendor:	debian	model:	gnu/linux	scope:	-	version:	-	Trust: 0.8
vendor:	apache	model:	subversion	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-009515 // NVD: CVE-2022-24070

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-24070
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-24070
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202204-2957
value:	HIGH
Trust: 0.6
VULHUB:	VHN-413621
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2022-24070
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2022-24070
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-413621
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2022-24070
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2022-24070
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-413621 // VULMON: CVE-2022-24070 // JVNDB: JVNDB-2022-009515 // CNNVD: CNNVD-202204-2957 // NVD: CVE-2022-24070

PROBLEMTYPE DATA

problemtype:	CWE-416	Trust: 1.1
problemtype:	Use of freed memory (CWE-416) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-413621 // JVNDB: JVNDB-2022-009515 // NVD: CVE-2022-24070

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 167280 // CNNVD: CNNVD-202204-2957

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202204-2957

PATCH

title:	HT213345	url:	https://cwiki.apache.org/confluence/display/HTTPD/ModuleLife	Trust: 0.8
title:	Apache Subversion Remediation of resource management error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=190233	Trust: 0.6
title:	Ubuntu Security Notice: USN-5372-1: Subversion vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-5372-1	Trust: 0.1
title:	Ubuntu Security Notice: USN-5450-1: Subversion vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-5450-1	Trust: 0.1
title:	Red Hat: Important: subversion:1.14 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20224722 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: subversion:1.10 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20222236 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: subversion:1.10 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20222234 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: subversion:1.14 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20224941 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: subversion security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20224591 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: subversion:1.10 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20222237 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: subversion:1.10 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20222222 - Security Advisory	Trust: 0.1
title:	Debian Security Advisories: DSA-5119-1 subversion -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=92807168ef39b4ee91e68837b0467938	Trust: 0.1
title:	Arch Linux Issues:	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2022-24070	Trust: 0.1
title:	Amazon Linux 2022: ALAS2022-2022-076	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022&qid=ALAS2022-2022-076	Trust: 0.1
title:	Amazon Linux 2022: ALAS2022-2022-149	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022&qid=ALAS2022-2022-149	Trust: 0.1
title:	Apple: macOS Monterey 12.5	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=c765c13fa342a7957a4e91e6dc3d34f4	Trust: 0.1

sources: VULMON: CVE-2022-24070 // JVNDB: JVNDB-2022-009515 // CNNVD: CNNVD-202204-2957

EXTERNAL IDS

db:	NVD	id:	CVE-2022-24070	Trust: 4.1
db:	PACKETSTORM	id:	167280	Trust: 0.8
db:	PACKETSTORM	id:	167374	Trust: 0.8
db:	PACKETSTORM	id:	167165	Trust: 0.8
db:	PACKETSTORM	id:	167455	Trust: 0.8
db:	PACKETSTORM	id:	167159	Trust: 0.8
db:	JVNDB	id:	JVNDB-2022-009515	Trust: 0.8
db:	PACKETSTORM	id:	167244	Trust: 0.7
db:	PACKETSTORM	id:	167787	Trust: 0.7
db:	CS-HELP	id:	SB2022041263	Trust: 0.6
db:	CS-HELP	id:	SB2022051234	Trust: 0.6
db:	CS-HELP	id:	SB2022051741	Trust: 0.6
db:	CS-HELP	id:	SB2022052711	Trust: 0.6
db:	CS-HELP	id:	SB2022060923	Trust: 0.6
db:	CS-HELP	id:	SB2022072101	Trust: 0.6
db:	CS-HELP	id:	SB2022041402	Trust: 0.6
db:	CS-HELP	id:	SB2022052804	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.1641	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.2525	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.2639	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.3559	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.1596	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.2345	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.2848	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.2377	Trust: 0.6
db:	PACKETSTORM	id:	166704	Trust: 0.6
db:	CNNVD	id:	CNNVD-202204-2957	Trust: 0.6
db:	PACKETSTORM	id:	167158	Trust: 0.2
db:	PACKETSTORM	id:	167126	Trust: 0.1
db:	CNVD	id:	CNVD-2022-38524	Trust: 0.1
db:	VULHUB	id:	VHN-413621	Trust: 0.1
db:	VULMON	id:	CVE-2022-24070	Trust: 0.1
db:	PACKETSTORM	id:	169362	Trust: 0.1

sources: VULHUB: VHN-413621 // VULMON: CVE-2022-24070 // JVNDB: JVNDB-2022-009515 // PACKETSTORM: 167159 // PACKETSTORM: 167455 // PACKETSTORM: 167158 // PACKETSTORM: 169362 // PACKETSTORM: 167280 // PACKETSTORM: 167165 // PACKETSTORM: 167374 // CNNVD: CNNVD-202204-2957 // NVD: CVE-2022-24070

REFERENCES

url:	https://www.debian.org/security/2022/dsa-5119	Trust: 1.9
url:	https://support.apple.com/kb/ht213345	Trust: 1.8
url:	http://seclists.org/fulldisclosure/2022/jul/18	Trust: 1.8
url:	https://bz.apache.org/bugzilla/show_bug.cgi?id=65861	Trust: 1.8
url:	https://cwiki.apache.org/confluence/display/httpd/modulelife	Trust: 1.8
url:	https://issues.apache.org/jira/browse/svn-4880	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-24070	Trust: 1.5
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/yjpmcwcgwbn3qwcdvilwqwpc75rr67lt/	Trust: 1.1
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/pz4arnglmgybkydx2b7drbnmf6eh3a6r/	Trust: 1.1
url:	https://access.redhat.com/security/cve/cve-2022-24070	Trust: 1.1
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/yjpmcwcgwbn3qwcdvilwqwpc75rr67lt/	Trust: 0.7
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/pz4arnglmgybkydx2b7drbnmf6eh3a6r/	Trust: 0.7
url:	https://www.auscert.org.au/bulletins/esb-2022.2525	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.3559	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-24070/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022052804	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.1596	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.2848	Trust: 0.6
url:	https://packetstormsecurity.com/files/167165/red-hat-security-advisory-2022-2236-01.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022060923	Trust: 0.6
url:	https://support.apple.com/en-us/ht213345	Trust: 0.6
url:	https://packetstormsecurity.com/files/167244/red-hat-security-advisory-2022-4722-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/167374/red-hat-security-advisory-2022-4591-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/167280/ubuntu-security-notice-usn-5450-1.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/167455/red-hat-security-advisory-2022-4941-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.2377	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022051741	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022052711	Trust: 0.6
url:	https://vigilance.fr/vulnerability/apache-subversion-memory-corruption-via-mod-dav-svn-38023	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.1641	Trust: 0.6
url:	https://packetstormsecurity.com/files/167787/apple-security-advisory-2022-07-20-2.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022041263	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.2639	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022072101	Trust: 0.6
url:	https://packetstormsecurity.com/files/167159/red-hat-security-advisory-2022-2234-01.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022041402	Trust: 0.6
url:	https://packetstormsecurity.com/files/166704/ubuntu-security-notice-usn-5372-1.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022051234	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.2345	Trust: 0.6
url:	https://listman.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.5
url:	https://access.redhat.com/security/team/key/	Trust: 0.5
url:	https://access.redhat.com/articles/11258	Trust: 0.5
url:	https://access.redhat.com/security/team/contact/	Trust: 0.5
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.5
url:	https://bugzilla.redhat.com/):	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2021-28544	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/416.html	Trust: 0.1
url:	https://ubuntu.com/security/notices/usn-5372-1	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:2234	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:4941	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:2237	Trust: 0.1
url:	https://www.debian.org/security/faq	Trust: 0.1
url:	https://www.debian.org/security/	Trust: 0.1
url:	https://security-tracker.debian.org/tracker/subversion	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/subversion/1.14.1-3ubuntu0.22.04.1	Trust: 0.1
url:	https://ubuntu.com/security/notices/usn-5450-1	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:2236	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:4591	Trust: 0.1

CREDITS

Red Hat

Trust: 0.5

sources: PACKETSTORM: 167159 // PACKETSTORM: 167455 // PACKETSTORM: 167158 // PACKETSTORM: 167165 // PACKETSTORM: 167374

SOURCES

db:	VULHUB	id:	VHN-413621
db:	VULMON	id:	CVE-2022-24070
db:	JVNDB	id:	JVNDB-2022-009515
db:	PACKETSTORM	id:	167159
db:	PACKETSTORM	id:	167455
db:	PACKETSTORM	id:	167158
db:	PACKETSTORM	id:	169362
db:	PACKETSTORM	id:	167280
db:	PACKETSTORM	id:	167165
db:	PACKETSTORM	id:	167374
db:	CNNVD	id:	CNNVD-202204-2957
db:	NVD	id:	CVE-2022-24070

LAST UPDATE DATE

2025-04-28T22:15:13.014000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-413621	date:	2022-10-28T00:00:00
db:	VULMON	id:	CVE-2022-24070	date:	2023-11-07T00:00:00
db:	JVNDB	id:	JVNDB-2022-009515	date:	2023-08-07T01:41:00
db:	CNNVD	id:	CNNVD-202204-2957	date:	2022-07-25T00:00:00
db:	NVD	id:	CVE-2022-24070	date:	2024-11-21T06:49:45.943

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-413621	date:	2022-04-12T00:00:00
db:	VULMON	id:	CVE-2022-24070	date:	2022-04-12T00:00:00
db:	JVNDB	id:	JVNDB-2022-009515	date:	2023-08-07T00:00:00
db:	PACKETSTORM	id:	167159	date:	2022-05-12T16:35:42
db:	PACKETSTORM	id:	167455	date:	2022-06-09T16:10:49
db:	PACKETSTORM	id:	167158	date:	2022-05-12T16:35:35
db:	PACKETSTORM	id:	169362	date:	2022-04-28T19:12:00
db:	PACKETSTORM	id:	167280	date:	2022-05-27T15:37:43
db:	PACKETSTORM	id:	167165	date:	2022-05-13T16:05:30
db:	PACKETSTORM	id:	167374	date:	2022-06-03T15:34:36
db:	CNNVD	id:	CNNVD-202204-2957	date:	2022-04-12T00:00:00
db:	NVD	id:	CVE-2022-24070	date:	2022-04-12T18:15:09.137