{"id":"CVE-2015-5259","details":"Integer overflow in the read_string function in libsvn_ra_svn/marshal.c in Apache Subversion 1.9.x before 1.9.3 allows remote attackers to execute arbitrary code via an svn:// protocol string, which triggers a heap-based buffer overflow and an out-of-bounds read.","modified":"2026-01-27T04:15:06.053954Z","published":"2016-01-08T19:59:01Z","withdrawn":"2026-01-27T04:15:06.053954Z","related":["openSUSE-SU-2024:10538-1"],"references":[{"type":"ADVISORY","url":"http://subversion.apache.org/security/CVE-2015-5259-advisory.txt"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201610-05"},{"type":"WEB","url":"http://www.securityfocus.com/bid/82300"},{"type":"WEB","url":"http://www.securitytracker.com/id/1034469"}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"}]}