Integer Overflow Vulnerabilities in Apache Portable Runtime Library
CVE-2009-2412

Currently unrated

Key Information:

Vendor: Apache
Status: Apr-util; Portable Runtime
Vendor: CVE Published:; 6 August 2009

Summary

The Apache Portable Runtime (APR) library contains multiple integer overflow vulnerabilities that can be exploited by remote attackers. Attackers may cause a denial of service by triggering application crashes or, in some cases, execute arbitrary code. This is achieved by crafting specific calls to functions such as allocator_alloc or apr_palloc in APR, or implementing designed calls to apr_rmm_malloc, apr_rmm_calloc, or apr_rmm_realloc in APR-util. An analysis of the memory management functions reveals risks where buffer overflows can emerge, leading to potentially severe consequences for affected applications.

References

http://lists.opensuse.org/opensuse-security-announce/2009...

vendor-advisoryx_refsource_SUSE

http://secunia.com/advisories/36233

third-party-advisoryx_refsource_SECUNIA

http://www.vupen.com/english/advisories/2010/1107

vdb-entryx_refsource_VUPEN

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Aug 6, 2009
Vulnerability Reserved
Jul 9, 2009