Integer Overflow Vulnerabilities in Apache Portable Runtime Library
CVE-2009-2412

Currently unrated

Key Information:

Vendor

Apache
Status
Apr-util
Portable Runtime
Vendor
CVE Published:
6 August 2009

What is CVE-2009-2412?

The Apache Portable Runtime (APR) library contains multiple integer overflow vulnerabilities that can be exploited by remote attackers. Attackers may cause a denial of service by triggering application crashes or, in some cases, execute arbitrary code. This is achieved by crafting specific calls to functions such as allocator_alloc or apr_palloc in APR, or implementing designed calls to apr_rmm_malloc, apr_rmm_calloc, or apr_rmm_realloc in APR-util. An analysis of the memory management functions reveals risks where buffer overflows can emerge, leading to potentially severe consequences for affected applications.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://lists.opensuse.org/opensuse-security-announce/2009...
vendor-advisoryx_refsource_SUSE
http://secunia.com/advisories/36233
third-party-advisoryx_refsource_SECUNIA
http://www.vupen.com/english/advisories/2010/1107
vdb-entryx_refsource_VUPEN

EPSS Score

7% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.