Off-by-One Error in Apache APR-util on Big-Endian Platforms
CVE-2009-1956

Currently unrated

Key Information:

Vendor
Apache
Status
Vendor
CVE Published:
8 June 2009

Summary

The Apache APR-util library contains an off-by-one error in the apr_brigade_vprintf function on big-endian platforms. This vulnerability can be exploited by remote attackers to access sensitive information or potentially cause a denial of service by crashing the affected application with specially crafted input. It is imperative for users of affected versions to apply available security patches to mitigate these risks.

Timeline

  • Vulnerability published

  • Vulnerability reserved
