vulnerability

Amazon Linux 2023: CVE-2022-24070: Important priority package update for subversion

Try Surface Command
Back to search
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published
Nov 4, 2021
Added
Feb 17, 2025
Modified
Jul 9, 2025

Description

Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not affected.
A use-after-free vulnerability was found in Subversion in the mod_dav_svn Apache HTTP server (HTTPd) module. While looking up path-based authorization (authz) rules, multiple calls to the post_config hook can invalidate cached pointers to object-pools, which Subversion subsequently uses. This issue crashes the single HTTPd worker thread or the entire HTTPd server process, depending on the configuration of the Apache HTTPd server.

Solutions

amazon-linux-2023-upgrade-python3-subversionamazon-linux-2023-upgrade-python3-subversion-debuginfoamazon-linux-2023-upgrade-subversionamazon-linux-2023-upgrade-subversion-debuginfoamazon-linux-2023-upgrade-subversion-debugsourceamazon-linux-2023-upgrade-subversion-develamazon-linux-2023-upgrade-subversion-devel-debuginfoamazon-linux-2023-upgrade-subversion-javahlamazon-linux-2023-upgrade-subversion-libsamazon-linux-2023-upgrade-subversion-libs-debuginfoamazon-linux-2023-upgrade-subversion-perlamazon-linux-2023-upgrade-subversion-perl-debuginfoamazon-linux-2023-upgrade-subversion-toolsamazon-linux-2023-upgrade-subversion-tools-debuginfo

References

Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today