Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information.
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
Apache Software Foundation Apache Portable Runtime Utility library (aka APR-util) 1.3.6
Apache Software Foundation Apache Portable Runtime Utility library (aka APR-util) 0.9.16
Apache Software Foundation Apache Portable Runtime Utility library (aka APR-util) 1.3.1
Apache Software Foundation Apache Portable Runtime Utility library (aka APR-util) 1.3.0
Apache Portable runtime 1.3.8 (not an official CPE)
Apache Apr-util 0.9.3-dev (not an official CPE)
Apache Apr-util 1.3.4-dev (not an official CPE)
Apache Portable runtime 1.3.4-dev (not an official CPE)
Apache Apr-util 0.9.7-dev (not an official CPE)
Apache Portable runtime 1.3.4 (not an official CPE)
Apache Portable runtime 1.3.5 (not an official CPE)
Apache Portable runtime 1.3.0 (not an official CPE)
Apache Portable runtime 1.3.1 (not an official CPE)
Apache Portable runtime 1.3.6 (not an official CPE)
Apache Portable runtime 1.3.7 (not an official CPE)
Apache Portable runtime 1.3.2 (not an official CPE)
Apache Portable runtime 1.3.3 (not an official CPE)
Apache Software Foundation Apache Portable Runtime Utility library (aka APR-util) 0.9.6
Apache Software Foundation Apache Portable Runtime Utility library (aka APR-util) 1.3.5
Apache Portable runtime 0.9.7-dev (not an official CPE)
Apache Software Foundation Apache Portable Runtime Utility library (aka APR-util) 1.3.4
Apache Software Foundation Apache Portable Runtime Utility library (aka APR-util) 0.9.5
Apache Software Foundation Apache Portable Runtime Utility library (aka APR-util) 0.9.4
Apache Software Foundation Apache Portable Runtime Utility library (aka APR-util) 0.9.3
Apache Apr-util 1.3.6-dev (not an official CPE)
Apache Software Foundation Apache Portable Runtime Utility library (aka APR-util) 0.9.9
Apache Software Foundation Apache Portable Runtime Utility library (aka APR-util) 0.9.8
Apache Portable runtime 0.9.7 (not an official CPE)
Apache Portable runtime 0.9.8 (not an official CPE)
Apache Portable runtime 0.9.2-dev (not an official CPE)
Apache Portable runtime 0.9.1 (not an official CPE)
Apache Apr-util 0.9.2-dev (not an official CPE)
Apache Portable runtime 0.9.2 (not an official CPE)
Apache Software Foundation Apache Portable Runtime Utility library (aka APR-util) 0.9.2
Apache Software Foundation Apache Portable Runtime Utility library (aka APR-util) 0.9.1
Apache Software Foundation Apache Portable Runtime Utility library (aka APR-util) 1.3.7
Apache Software Foundation Apache Portable Runtime Utility library (aka APR-util) 1.3.2
Apache Software Foundation Apache Portable Runtime Utility library (aka APR-util) 1.3.3
Apache Software Foundation Apache Portable Runtime Utility library (aka APR-util) 1.3.8
Apache Portable runtime 0.9.4 (not an official CPE)
Apache Portable runtime 0.9.3 (not an official CPE)
Apache Portable runtime 0.9.9 (not an official CPE)
Apache Portable runtime 1.3.6-dev (not an official CPE)
Apache Portable runtime 0.9.16-dev (not an official CPE)
Apache Portable runtime 0.9.3-dev (not an official CPE)
Apache Portable runtime 0.9.6 (not an official CPE)
Apache Portable runtime 0.9.5 (not an official CPE)