CVE-2009-1956

Currently unrated

Key Information:

Vendor: Apache
Status: Apr-util
Vendor: CVE Published:; 8 June 2009

Summary

Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.

References

http://secunia.com/advisories/35487

third-party-advisoryx_refsource_SECUNIA

http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3

x_refsource_CONFIRM

http://www.vupen.com/english/advisories/2009/1907

vdb-entryx_refsource_VUPEN

EPSS Score

29% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jun 8, 2009
Vulnerability Reserved
Jun 6, 2009