2009-08-06 17:30:00 2017-09-19 03:29:06

Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information.

Vector: NETWORK
Complexity: LOW
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE

Apache Software Foundation Apache Portable Runtime Utility library (aka APR-util) 1.3.6
Apache Software Foundation Apache Portable Runtime Utility library (aka APR-util) 0.9.16
Apache Software Foundation Apache Portable Runtime Utility library (aka APR-util) 1.3.1
Apache Software Foundation Apache Portable Runtime Utility library (aka APR-util) 1.3.0
Apache Portable runtime 1.3.8 (not an official CPE)
Apache Apr-util 0.9.3-dev (not an official CPE)
Apache Apr-util 1.3.4-dev (not an official CPE)
Apache Portable runtime 1.3.4-dev (not an official CPE)
Apache Apr-util 0.9.7-dev (not an official CPE)
Apache Portable runtime 1.3.4 (not an official CPE)
Apache Portable runtime 1.3.5 (not an official CPE)
Apache Portable runtime 1.3.0 (not an official CPE)
Apache Portable runtime 1.3.1 (not an official CPE)
Apache Portable runtime 1.3.6 (not an official CPE)
Apache Portable runtime 1.3.7 (not an official CPE)
Apache Portable runtime 1.3.2 (not an official CPE)
Apache Portable runtime 1.3.3 (not an official CPE)
Apache Software Foundation Apache Portable Runtime Utility library (aka APR-util) 0.9.6
Apache Software Foundation Apache Portable Runtime Utility library (aka APR-util) 1.3.5
Apache Portable runtime 0.9.7-dev (not an official CPE)
Apache Software Foundation Apache Portable Runtime Utility library (aka APR-util) 1.3.4
Apache Software Foundation Apache Portable Runtime Utility library (aka APR-util) 0.9.5
Apache Software Foundation Apache Portable Runtime Utility library (aka APR-util) 0.9.4
Apache Software Foundation Apache Portable Runtime Utility library (aka APR-util) 0.9.3
Apache Apr-util 1.3.6-dev (not an official CPE)
Apache Software Foundation Apache Portable Runtime Utility library (aka APR-util) 0.9.9
Apache Software Foundation Apache Portable Runtime Utility library (aka APR-util) 0.9.8
Apache Portable runtime 0.9.7 (not an official CPE)
Apache Portable runtime 0.9.8 (not an official CPE)
Apache Portable runtime 0.9.2-dev (not an official CPE)
Apache Portable runtime 0.9.1 (not an official CPE)
Apache Apr-util 0.9.2-dev (not an official CPE)
Apache Portable runtime 0.9.2 (not an official CPE)
Apache Software Foundation Apache Portable Runtime Utility library (aka APR-util) 0.9.2
Apache Software Foundation Apache Portable Runtime Utility library (aka APR-util) 0.9.1
Apache Software Foundation Apache Portable Runtime Utility library (aka APR-util) 1.3.7
Apache Software Foundation Apache Portable Runtime Utility library (aka APR-util) 1.3.2
Apache Software Foundation Apache Portable Runtime Utility library (aka APR-util) 1.3.3
Apache Software Foundation Apache Portable Runtime Utility library (aka APR-util) 1.3.8
Apache Portable runtime 0.9.4 (not an official CPE)
Apache Portable runtime 0.9.3 (not an official CPE)
Apache Portable runtime 0.9.9 (not an official CPE)
Apache Portable runtime 1.3.6-dev (not an official CPE)
Apache Portable runtime 0.9.16-dev (not an official CPE)
Apache Portable runtime 0.9.3-dev (not an official CPE)
Apache Portable runtime 0.9.6 (not an official CPE)
Apache Portable runtime 0.9.5 (not an official CPE)