CVE-2022-24070: Apache Subversion mod_dav_svn is vulnerable to memory corruption
Published Apr 12, 2022
·Updated
AMD. A memory corruption issue was addressed with improved input validation.
Other sources
APFS. The issue was addressed with improved memory handling.
— Apple
Apple Neural Engine. An integer overflow was addressed with improved input validation.
— Apple
Apple Neural Engine. An out-of-bounds read was addressed with improved bounds checking.
— Apple
Apple Neural Engine. The issue was addressed with improved memory handling.
— Apple
Apple Neural Engine. This issue was addressed with improved checks.
— Apple
Credit
Evgeny Kotkov, visualsvn.com, Mickey Jin@@patch1t(Baidu Security), Ye Zhang@@co0py_Cat(Baidu Security), Mickey Jin@@patch1t(Trend Micro), Ferdous Saljooki@@malwarezoo(Jamf Software), an anonymous researcher, John Aakerblom@@jaakerblom, Zhipeng Huo@@R3dF09(Tencent Security Xuanwu Lab), Csaba Fitzl@@theevilbit(Offensive Security), Antonio Zekic@@antoniozekic, Daniel Lim Wee Soong(STAR Labs), Joshua Mason(Mandiant), Joshua Jones, Dohyun Lee@@l33d0hyun(SSD Secure Disclosure Labs), Korea Univ., Ivan Fratric(Google Project Zero), Mickey Jin@@patch1t, hjy79425575, Yiğit Can YILMAZ@@yilmazcanyigit, ABC Research s.r.o, Yinyi Wu@@3ndy1, ABC Research s.r.o., Dongzhuo Zhao(ADLab of Venustech), (Cyberpeace Tech Co), ZhaoHai(Cyberpeace Tech Co), Ltd., Xinru Chi(Pangu Lab), Tingting Yin(Tsinghua University), (Ant Group), Min Zheng(Ant Group), Hexhive (hexhive.epfl.ch)(China), NCNIPC(China), CVE-2022-32823, Pan ZhenPeng@@Peterpan0927, Kai Lu(Zscaler's ThreatLabz), Sreejith Krishnan R@@skr0x1c0, Jeffrey Paul (sneak.berlin), Joshua Mason @jhu.edu)@@josh, Xuxiang Yang@@another1024(Tencent Security Xuanwu Lab), Gordon Long(Computest Sector 7), Thijs Alkemade@@xnyhps(Computest Sector 7), Adam Chester(TrustedSec), Yuebin Sun@@yuebinsun2020(Tencent Security Xuanwu Lab), Binoy Chitale(Illinois at Chicago), MS student(Illinois at Chicago), Stony Brook University(Illinois at Chicago), Nick Nikiforakis(Illinois at Chicago), Associate Professor(Illinois at Chicago), Jason Polakis(Illinois at Chicago), University(Illinois at Chicago), Mir Masood Ali(Illinois at Chicago), PhD student(Illinois at Chicago), Chris Kanich(Illinois at Chicago), (Illinois at Chicago), Mohammad Ghasemisharif(Illinois at Chicago), PhD Candidate(Illinois at Chicago), P1umer@@p1umer, Q1IQ@@q1iqF, Matthias Keller (m-keller.com), afang@@afang5472, xmzyshypnc@@xmzyshypnc1, Manfred Paul@@_manfp(Trend Micro Zero Day Initiative), Jan Vojtesek(Avast Threat Intelligence team), Wang Yu(Cyberserval), Jeremy Legendre(MacEnhance), Mohamed Ghannam@@_simo36, Tommy Muir@@Muirey03, Natalie Silvanovich(Google Project Zero), Wojciech Reguła@@_r3ggi(SecuRing)
Affected Software
9 affected componentsFixes available
debian/subversion
1.10.4-1+deb10u31.14.1-3+deb11u11.14.2-4
Apple macOS Monterey<12.5
12.5
Apache subversion>=1.10.0<1.10.8
Apache subversion>=1.14.0<1.14.2
Debian Debian Linux=10.0
Debian Debian Linux=11.0
Fedoraproject Fedora=35
Fedoraproject Fedora=36
Apple macOS>=12.0<12.5
Event History
Apr 12, 2022
CVE Published
via MITRE·05:50 PM
Data Sourced
via MITRE·05:50 PM
DescriptionWeakness
Jul 20, 2022
Data Sourced
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Updated
via Apple·12:00 AM
DescriptionWeakness
Updated
via Apple·12:00 AM
Description
Peer vulnerabilities
Found alongside the following vulnerabilities.
- CVE-2022-42858
- CVE-2022-32832
- CVE-2022-32788
- CVE-2022-32880
- CVE-2022-32826
- CVE-2022-42805
- CVE-2022-32948
- CVE-2022-32810
- CVE-2022-32840
- CVE-2022-32845
- CVE-2022-48578
- CVE-2022-32797
- CVE-2022-32851
- CVE-2022-32852
- CVE-2022-32853
- CVE-2022-32831
- CVE-2022-32910
- CVE-2022-32820
- CVE-2022-32825
- CVE-2022-32789
- CVE-2022-32805
- CVE-2022-32828
- CVE-2022-32839
- CVE-2022-32819
- CVE-2022-32793
- CVE-2022-32821
- CVE-2022-32849
- CVE-2022-32787
- CVE-2022-32897
- CVE-2022-32802
- CVE-2022-32841
- CVE-2022-32785
- CVE-2022-32811
- CVE-2022-32812
- CVE-2022-48503
- CVE-2022-32813
- CVE-2022-32815
- CVE-2022-32817
- CVE-2022-32829
- CVE-2022-26981
- CVE-2022-32823
- CVE-2022-32814
- CVE-2022-32786
- CVE-2022-32800
- CVE-2022-32838
- CVE-2022-32843
- CVE-2022-46708
- CVE-2022-32796
- CVE-2022-32842
- CVE-2022-32798
- CVE-2022-32799
- CVE-2022-32818
- CVE-2022-32857
- CVE-2022-32807
- CVE-2022-32801
- CVE-2021-28544
- CVE-2022-24070
- CVE-2022-29046
- CVE-2022-29048
- CVE-2022-32834
- CVE-2022-32933
- CVE-2022-32885
- CVE-2022-32861
- CVE-2022-32863
- CVE-2022-32816
- CVE-2022-32792
- CVE-2022-2294
- CVE-2022-32860
- CVE-2022-32837
- CVE-2022-32847
- CVE-2022-32848
Frequently Asked Questions
1
What is the vulnerability ID of this subversion issue?
The vulnerability ID of this subversion issue is CVE-2022-24070.
2
What is the severity of CVE-2022-24070?
The severity of CVE-2022-24070 has not been specified.
3
How can I check if I am affected by CVE-2022-24070?
You can check if you are affected by CVE-2022-24070 by verifying the version of macOS Monterey on your system.
4
How do I fix CVE-2022-24070?
To fix CVE-2022-24070, update your macOS Monterey to version 12.5 or later.
5
Where can I find more information about CVE-2022-24070?
You can find more information about CVE-2022-24070 on the Apple support website: https://support.apple.com/en-us/HT213345.