CVE-2022-24070
📋 TL;DR
This CVE describes a use-after-free vulnerability in Subversion's mod_dav_svn module that can lead to memory corruption. When processing path-based authorization rules, the server may access freed memory, potentially causing crashes or arbitrary code execution. Only Subversion servers using mod_dav_svn are affected.
💻 Affected Systems
- Apache Subversion mod_dav_svn
📦 What is this software?
Fedora by Fedoraproject
Macos by Apple
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution leading to complete server compromise, data theft, or lateral movement within the network.
Likely Case
Server crashes (denial of service) or memory corruption leading to unpredictable behavior.
If Mitigated
Limited to denial of service if exploit attempts fail or are blocked by security controls.
🎯 Exploit Status
Exploitation requires triggering the path-based authorization lookup process. No public exploit code was found in references.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Subversion 1.14.2 or later
Vendor Advisory: https://lists.apache.org/thread/4xl5d6k8sx9v9o1n0r8y2qjy7t1k3w6p
Restart Required: Yes
Instructions:
1. Upgrade Subversion to version 1.14.2 or later.
2. Restart Apache HTTP server or Subversion service.
3. Verify the patch is applied by checking version.
🔧 Temporary Workarounds
Disable mod_dav_svn
All platforms: Temporarily disable the vulnerable module if not required
# Comment out LoadModule dav_svn_module in Apache config
# LoadModule dav_svn_module modules/mod_dav_svn.so
Disable path-based authorization
All platforms: Remove or disable path-based authorization rules if possible
# Remove or comment out AuthzSVNAccessFile directives in Apache config
🧯 If You Can't Patch
- Implement network segmentation to isolate Subversion servers from critical systems
- Deploy web application firewall (WAF) rules to detect and block exploit attempts
🔍 How to Verify
Check if Vulnerable:
Check if mod_dav_svn is loaded and Subversion version is between 1.10.0 and 1.14.1
Check Version:
svn --version | grep '^svn, version'
Verify Fix Applied:
Verify Subversion version is 1.14.2 or later and mod_dav_svn is still functional
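The verification steps above as a script, added here as an example (not code from this advisory or the Subversion project): it parses `svn --version` output, tests the version against the 1.10.0 to 1.14.1 range, and looks for uncommented `LoadModule dav_svn_module` and `AuthzSVNAccessFile` directives. The sample inputs and verdict names are constructed, matching `AuthzSVNReposRelativeAccessFile` goes beyond what the page lists, and the script assumes the `svn` client and mod_dav_svn come from the same build.

```shell
# Extract "X.Y.Z" from `svn --version` output supplied on stdin.
parse_svn_version() {
    sed -n 's/^svn, version \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Turn "X.Y.Z" into one integer so versions compare numerically (1.9 < 1.10).
ver_num() {
    local major minor patch
    IFS=. read -r major minor patch <<EOF
$1
EOF
    echo $(( ${major:-0} * 1000000 + ${minor:-0} * 1000 + ${patch:-0} ))
}

# True when the version is in the range the page gives: 1.10.0 through 1.14.1.
in_affected_range() {
    local v
    v=$(ver_num "$1")
    [ "$v" -ge "$(ver_num 1.10.0)" ] && [ "$v" -le "$(ver_num 1.14.1)" ]
}

# True when config text on stdin has an uncommented directive matching regex $1.
has_directive() {
    grep -Eiq "^[[:space:]]*($1)[[:space:]]"
}

# assess VERSION CONFIG_TEXT: print one verdict word (names are hypothetical).
assess() {
    if ! in_affected_range "$1"; then echo "version-not-in-range"; return 0; fi
    if ! printf '%s\n' "$2" | has_directive 'LoadModule[[:space:]]+dav_svn_module'; then
        echo "module-not-loaded"; return 0
    fi
    # AuthzSVNReposRelativeAccessFile also enables path-based rules (not on the page).
    if printf '%s\n' "$2" | has_directive 'AuthzSVN(ReposRelative)?AccessFile'; then
        echo "exposed"
    else
        echo "loaded-no-path-authz"
    fi
}

# Constructed sample inputs, not taken from any real server.
SAMPLE_VERSION_OUTPUT='svn, version 1.14.1 (r0000000)'
SAMPLE_CONF='LoadModule dav_svn_module modules/mod_dav_svn.so
<Location /svn>
  AuthzSVNAccessFile /etc/svn/authz
</Location>'
WORKAROUND_CONF='# LoadModule dav_svn_module modules/mod_dav_svn.so'
v=$(printf '%s\n' "$SAMPLE_VERSION_OUTPUT" | parse_svn_version)
echo "sample: $(assess "$v" "$SAMPLE_CONF"); workaround: $(assess "$v" "$WORKAROUND_CONF")"
```

Apache configurations are usually split across included files, so feed `assess` the concatenated text of every file the server actually loads.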
📡 Detection & Monitoring
Log Indicators:
- Apache error logs showing segmentation faults or memory corruption errors
- Unusual Subversion access patterns or failed authorization attempts
Network Indicators:
- Unusual HTTP requests to mod_dav_svn endpoints
- Multiple connection attempts triggering authorization lookups
SIEM Query:
source="apache_error.log" AND ("segmentation fault" OR "memory corruption" OR "mod_dav_svn")
🔗 References
- http://seclists.org/fulldisclosure/2022/Jul/18
- https://bz.apache.org/bugzilla/show_bug.cgi?id=65861
- https://cwiki.apache.org/confluence/display/HTTPD/ModuleLife
- https://issues.apache.org/jira/browse/SVN-4880
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PZ4ARNGLMGYBKYDX2B7DRBNMF6EH3A6R/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJPMCWCGWBN3QWCDVILWQWPC75RR67LT/
- https://support.apple.com/kb/HT213345
- https://www.debian.org/security/2022/dsa-5119