CVE-2014-8108

Name	CVE-2014-8108
Description	The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request for a URI that triggers a lookup for a virtual transaction name that does not exist.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub advisories/code/issues, web search, more)
Debian Bugs	773315

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
subversion (PTS)	buster, buster (security)	1.10.4-1+deb10u3	fixed
	bullseye (security), bullseye	1.14.1-3+deb11u1	fixed
	bookworm, sid	1.14.2-4	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Debian Bugs
subversion	source	squeeze	(not affected)
subversion	source	wheezy	(not affected)
subversion	source	(unstable)	1.8.10-5	773315

Notes

[wheezy] - subversion <not-affected> (Introduced in 1.7.0)
[squeeze] - subversion <not-affected> (Introduced in 1.7.0)
http://subversion.apache.org/security/CVE-2014-8108-advisory.txt