Bug 709112 (CVE-2011-1783) - CVE-2011-1783 subversion (mod_dav_svn): DoS (excessive memory use) when configured to provide path-based access control
Alias: CVE-2011-1783
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Depends On: 709218 709219 709220 709221 709952 812251 893085
Reported: 2011-05-30 16:56 UTC by Jan Lieskovsky
Modified: 2023-05-11 17:32 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2015-07-29 12:48:34 UTC

System ID: Red Hat Product Errata RHSA-2011:0862; Private: 0; Priority: normal; Status: SHIPPED_LIVE; Summary: Moderate: subversion security update; Last Updated: 2011-06-08 15:47:05 UTC

Description Jan Lieskovsky 2011-05-30 16:56:01 UTC
An infinite loop was found in the way the mod_dav_svn module of the Subversion
concurrent version control system processed certain data sets when the
SVNPathAuthz configuration directive was set to 'short_circuit'.
A remote attacker could use this flaw to cause the httpd child process to
consume an excessive amount of system memory.


Red Hat would like to thank the Apache Subversion project for reporting this
issue. Upstream acknowledges Ivan Zhakov of VisualSVN as the original reporter.

Comment 2 Jan Lieskovsky 2011-05-30 16:59:30 UTC
This issue did NOT affect the version of the subversion package, as shipped
with Red Hat Enterprise Linux 4.


This issue affects the versions of the subversion package, as shipped with
Red Hat Enterprise Linux 5 and 6.


This issue affects the versions of the subversion package, as shipped with
Fedora releases 13, 14, and 15.

Comment 4 Huzaifa S. Sidhpurwala 2011-06-02 05:03:36 UTC
Public via:

Comment 5 Huzaifa S. Sidhpurwala 2011-06-02 05:06:02 UTC
Created subversion tracking bugs for this issue

Affects: fedora-all [bug 709952]

Comment 6 errata-xmlrpc 2011-06-08 15:47:14 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6
  Red Hat Enterprise Linux 5

Via RHSA-2011:0862 https://rhn.redhat.com/errata/RHSA-2011-0862.html
