CVE-2018-11782
Publication date 31 July 2019
Last updated 25 August 2025
Ubuntu priority
Description
In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a well-formed read-only request produces a particular answer. This can lead to disruption for users of the server.
From the Ubuntu Security Team
Ace Olszowka discovered that Subversion incorrectly handled certain svnserve requests. A remote attacker could possibly use this issue to cause svnserver to crash, resulting in a denial of service.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| subversion | 22.04 LTS jammy |
Not affected
|
| 20.04 LTS focal |
Not affected
|
|
| 18.04 LTS bionic |
Fixed 1.9.7-4ubuntu1.1
|
|
| 16.04 LTS xenial |
Fixed 1.9.3-2ubuntu1.3
|
|
| 14.04 LTS trusty | Not in release |
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
6.5 · Medium
|
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity impact | None |
| Availability impact | High |
| Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
References
Related Ubuntu Security Notices (USN)
- USN-4082-2
- Subversion vulnerabilities
- 31 July 2019
- USN-4082-1
- Subversion vulnerabilities
- 31 July 2019
- USN-5445-1
- Subversion vulnerabilities
- 26 May 2022