CVE-2010-1623

APR-util < 1.3.10 - Memory Leak in apr_brigade_split_line

Title source: llm
STIX 2.1

Description

Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.

References (59)

Core 59
Core References
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/3065
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/43285
URL Repurposed x_refsource_confirm
http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/3064
Mailing List, Third Party Advisory vendor-advisory x_refsource_slackware
http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.627828
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049885.html
Third Party Advisory x_refsource_confirm
http://security-tracker.debian.org/tracker/CVE-2010-1623
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049939.html
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/2806
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/41701
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1022-1
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2010-0950.html
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/42361
Mailing List, Third Party Advisory vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12800
Third Party Advisory vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1PM31601
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2011-0897.html
Patch, Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/2556
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/42403
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/43673
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2011-0896.html
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/42367
Mailing List, Third Party Advisory x_refsource_confirm
http://blogs.sun.com/security/entry/cve_2010_1623_memory_leak
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/43211
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/42015
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/42537
Mailing List, Third Party Advisory vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=130168502603566&w=2
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html
URL Repurposed vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2010:192
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/2557
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/3074
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://ubuntu.com/usn/usn-1021-1
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0358

Scores

EPSS 0.2017
EPSS Percentile 97.2%

Details

CWE
CWE-119
Status published
Products (44)
apache/apr-util 0.9.1
apache/apr-util 0.9.2
apache/apr-util 0.9.3
apache/apr-util 0.9.4
apache/apr-util 0.9.5
apache/apr-util 0.9.6
apache/apr-util 0.9.7
apache/apr-util 0.9.8
apache/apr-util 0.9.9
apache/apr-util 0.9.10
... and 34 more
Published Oct 04, 2010
Tracked Since Feb 18, 2026