subversion: Remote unauthenticated denial-of-service in Subversion mod_authz_svn (CVE-2020-17525)
A flaw was found in Subversion versions 1.9.0 through 1.10.6 and 1.11.0 through 1.14.0. Subversion's mod_authz_svn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL. This can lead to disruption for users of the service.
Fixed In Version:
Subversion 1.14.1, Subversion 1.10.7
References:
- https://subversion.apache.org/security/CVE-2020-17525-advisory.txt
- https://www.openwall.com/lists/oss-security/2021/02/10/2
Affected branches:
- master (7e0b94cf)
- 3.13-stable
- 3.12-stable
- 3.11-stable
- 3.10-stable
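
An added example, not part of the original issue or of Subversion itself: a small audit helper that flags a server as exposed when its Subversion version falls in the affected ranges given above and its Apache configuration has an active AuthzSVNReposRelativeAccessFile directive. The function names and the sample configuration are constructed for illustration, and any use of the directive is treated as in scope, which is a conservative assumption.

```python
import re

# Affected ranges as stated in the issue: 1.9.0 through 1.10.6 and 1.11.0 through 1.14.0.
AFFECTED_RANGES = [((1, 9, 0), (1, 10, 6)), ((1, 11, 0), (1, 14, 0))]
DIRECTIVE = "authzsvnreposrelativeaccessfile"  # compared lower-cased

def parse_version(text):
    """Extract (major, minor, patch) from a string such as '1.14.0' or '1.14.0-r2'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(p) for p in m.groups())

def version_affected(version_text):
    """True when the upstream version lies inside one of the affected ranges."""
    v = parse_version(version_text)
    return any(lo <= v <= hi for lo, hi in AFFECTED_RANGES)

def directive_lines(config_text):
    """Return (line_number, line) for each active (uncommented) use of the directive."""
    hits = []
    for n, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Apache directive names are case-insensitive.
        if line.split(None, 1)[0].lower() == DIRECTIVE:
            hits.append((n, line))
    return hits

def exposed(version_text, config_text):
    """Both conditions from the issue must hold: affected version and the directive in use."""
    return version_affected(version_text) and bool(directive_lines(config_text))

# Constructed sample configuration (not taken from any real server).
SAMPLE_CONF = """\
<Location /svn>
    DAV svn
    SVNParentPath /var/svn
    # AuthzSVNAccessFile /etc/svn/authz
    AuthzSVNReposRelativeAccessFile ^/authz
</Location>
"""

if __name__ == "__main__":
    for ver in ("1.10.6", "1.10.7", "1.14.0", "1.14.1"):
        print(ver, "exposed" if exposed(ver, SAMPLE_CONF) else "not exposed")
```

A version match is only a prompt to check further: distribution packages can carry the fix as a backported patch without changing the upstream version number.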