CVE-2009-2412

Apache APR and APR-util 0.9.x and 1.3.x - Multiple Integer Overflow Denial of Service

Title source: llm
STIX 2.1

Description

Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information.

References (51)

Core 51
Core References
Various Sources vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1PK99482
Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/35949
Various Sources vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1PK93225
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8394
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-813-2
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9958
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2009:195
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT3937
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/36233
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/1107
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/37152
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/36140
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/56765
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/56766
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/36166
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/36138
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/37221
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/3184
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html

Scores

EPSS 0.1378
EPSS Percentile 96.1%

Details

CWE
CWE-189
Status published
Products (47)
apache/apr-util 0.9.1
apache/apr-util 0.9.2
apache/apr-util 0.9.2-dev
apache/apr-util 0.9.3
apache/apr-util 0.9.3-dev
apache/apr-util 0.9.4
apache/apr-util 0.9.5
apache/apr-util 0.9.6
apache/apr-util 0.9.7-dev
apache/apr-util 0.9.8
... and 37 more
Published Aug 06, 2009
Tracked Since Feb 18, 2026