Subversion's svnserve server process may exit when a client sends certain sequences of protocol commands, disrupting service for users of the server. A null-pointer dereference in svnserve results in a remote, unauthenticated denial of service in some server configurations; an unauthenticated user can trigger it if the server is configured with anonymous access enabled.

The problem originates in the handling of a new connection to svnserve. If the specified repository cannot be found, or the client is not authorized to access it, svnserve logs and reports the error but keeps the connection open even though its initialization is incomplete. If the client then sends any further command on the same connection, a null-pointer dereference occurs in svnserve. Exploitation results in denial of service by crashing an svnserve process. The impact differs depending on how svnserve is launched, including the run modes selected by options such as "svnserve -d", "svnserve -T -d", "svnserve -t", and "svnserve -i".
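The advisory above names anonymous access as the precondition for the unauthenticated trigger. As an added illustration (not part of this bug record or the upstream advisory), the following shows the relevant svnserve.conf settings in a weak form and in a form that removes that precondition. The file path (<repository>/conf/svnserve.conf) and the realm and password-db values are assumptions for the example; the keys anon-access, auth-access, password-db and realm are standard svnserve.conf options.

```ini
# --- Weak configuration: anonymous clients may open connections ---
# (assumed path: <repository>/conf/svnserve.conf)
[general]
# Unauthenticated clients get read access, so they reach the
# unauthenticated code path the advisory describes.
anon-access = read
auth-access = write
password-db = passwd
# constructed realm value for the example
realm = Example Repository

# --- Hardened configuration: no anonymous access ---
# Only authenticated users are served; the "anonymous access enabled"
# precondition named in the advisory no longer holds.
[general]
anon-access = none
auth-access = write
password-db = passwd
# constructed realm value for the example
realm = Example Repository
```

The two [general] sections are shown side by side for comparison; a real svnserve.conf contains only one. Disabling anonymous access only reduces exposure on an unpatched server; the fix for the defect itself is the updated subversion package, for Red Hat Enterprise Linux 8 via RHSA-2019:2512.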
Created subversion tracking bugs for this issue:
Affects: fedora-all [bug 1735579]
External References: https://subversion.apache.org/security/CVE-2019-0203-advisory.txt
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8: via RHSA-2019:2512 https://access.redhat.com/errata/RHSA-2019:2512
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-0203
Acknowledgments:
Name: the Subversion project (Apache Software Foundation)
Upstream: Tomas Bortoli