CVE-2024-45720

CVE-2024-45720

Name

CVE-2024-45720

Description

On Windows platforms, a "best fit" character encoding conversion of command line arguments to Subversion's executables (e.g., svn.exe, etc.) may lead to unexpected command line argument interpretation, including argument injection and execution of other programs, if a specially crafted command line argument string is processed. All versions of Subversion up to and including Subversion 1.14.3 are affected on Windows platforms only. Users are recommended to upgrade to version Subversion 1.14.4, which fixes this issue. Subversion is not affected on UNIX-like platforms.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
vendor-advisory	https://subversion.apache.org/security/CVE-2024-45720-advisory.txt
Mailing List	http://www.openwall.com/lists/oss-security/2024/10/08/3

Type

URI

vendor-advisory

https://subversion.apache.org/security/CVE-2024-45720-advisory.txt

Mailing List

http://www.openwall.com/lists/oss-security/2024/10/08/3

CPE URI	Source package	Min version	Max version
	apache-subversion	>= 1.0.0	<= 1.14.3
`cpe:2.3:a:apache:subversion::::::::`	subversion	>= None	< 1.14.4

CPE URI

Source package

Min version

Max version

apache-subversion

>= 1.0.0

<= 1.14.3

cpe:2.3:a:apache:subversion:*:*:*:*:*:*:*:*

subversion

>= None

< 1.14.4

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
subversion	edge-main	1.14.4-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
subversion	edge-main	1.14.2-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
subversion	edge-main	1.14.1-r0	None	possibly vulnerable
subversion	edge-main	1.12.2-r0	None	possibly vulnerable
subversion	edge-main	1.11.1-r0	None	possibly vulnerable
subversion	edge-main	1.9.7-r0	None	possibly vulnerable
subversion	3.22-main	1.14.4-r0	None	fixed
subversion	3.22-main	1.14.2-r0	None	possibly vulnerable
subversion	3.22-main	1.14.1-r0	None	possibly vulnerable
subversion	3.22-main	1.12.2-r0	None	possibly vulnerable
subversion	3.22-main	1.11.1-r0	None	possibly vulnerable
subversion	3.22-main	1.9.7-r0	None	possibly vulnerable
subversion	3.21-main	1.14.4-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
subversion	3.21-main	1.14.2-r0	None	possibly vulnerable
subversion	3.21-main	1.14.1-r0	None	possibly vulnerable
subversion	3.21-main	1.12.2-r0	None	possibly vulnerable
subversion	3.21-main	1.11.1-r0	None	possibly vulnerable
subversion	3.21-main	1.9.7-r0	None	possibly vulnerable
subversion	3.20-main	1.14.5-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
subversion	3.20-main	1.14.3-r2	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
subversion	3.20-main	1.14.2-r0	None	possibly vulnerable
subversion	3.20-main	1.14.1-r0	None	possibly vulnerable
subversion	3.20-main	1.12.2-r0	None	possibly vulnerable
subversion	3.20-main	1.11.1-r0	None	possibly vulnerable
subversion	3.20-main	1.9.7-r0	None	possibly vulnerable
subversion	3.19-main	1.14.5-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
subversion	3.19-main	1.14.2-r12	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
subversion	3.19-main	1.14.2-r0	None	possibly vulnerable
subversion	3.19-main	1.14.1-r0	None	possibly vulnerable
subversion	3.19-main	1.12.2-r0	None	possibly vulnerable
subversion	3.19-main	1.11.1-r0	None	possibly vulnerable
subversion	3.19-main	1.9.7-r0	None	possibly vulnerable
subversion	3.18-main	1.14.5-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed

Source package

Branch

Version

Maintainer

Status

References

Match rules

Vulnerable and fixed packages