CVE-2020-17525

Remote unauthenticated denial-of-service in Subversion mod_authz_svn

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Subversion's mod_authz_svn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL. This can lead to disruption for users of the service. This issue was fixed in mod_dav_svn+mod_authz_svn servers 1.14.1 and mod_dav_svn+mod_authz_svn servers 1.10.7

El módulo mod_authz_svn de Subversion se bloqueará si el servidor está usando reglas de autenticación en el repositorio con la opción AuthzSVNReposRelativeAccessFile y un cliente envía una petición para una URL de repositorio no existente. Esto puede causar interrupciones para los usuarios del servicio. Este problema se solucionó en los servidores mod_dav_svn+mod_authz_svn versión 1.14.1 y los servidores mod_dav_svn+mod_authz_svn versión 1.10.7

A null-pointer-dereference flaw was found in mod_authz_svn of subversion. This flaw allows a remote, unauthenticated attacker to cause a denial of service in some server configurations. The highest threat from this vulnerability is to system availability.

Ace Olszowka discovered that Subversion incorrectly handled certain svnserve requests. A remote attacker could possibly use this issue to cause svnserver to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS. Tomas Bortoli discovered that Subversion incorrectly handled certain svnserve requests. A remote attacker could possibly use this issue to cause svnserver to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS.

*Credits: Thomas Åkesson (simonsoft.se)

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2020-08-12 CVE Reserved
2021-02-15 CVE Published
2025-02-13 CVE Updated
2025-02-13 First Exploit
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-416: Use After Free
CWE-476: NULL Pointer Dereference

CAPEC

References (4)

URL	Tag	Source
https://lists.debian.org/debian-lts-announce/2021/05/msg00000.html	Mailing List

URL	Date	SRC
https://subversion.apache.org/security/CVE-2020-17525-advisory.txt	2025-02-13

URL	Date	SRC

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2020-17525	2021-02-15
https://bugzilla.redhat.com/show_bug.cgi?id=1922303	2021-02-15

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Apache Search vendor "Apache"		Subversion Search vendor "Apache" for product "Subversion"				>= 1.9.0 < 1.10.7 Search vendor "Apache" for product "Subversion" and version " >= 1.9.0 < 1.10.7"		-		Affected
Apache Search vendor "Apache"		Subversion Search vendor "Apache" for product "Subversion"				>= 1.11.0 < 1.14.1 Search vendor "Apache" for product "Subversion" and version " >= 1.11.0 < 1.14.1"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0"		-		Affected