Apache Httpd < 2.0.64: APR apr_palloc heap overflow

2009-07-27T00:00:00
ID HTTPD:C67FA15AC06B0B82FE19C7B9ECC66350
Type httpd
Reporter Apache Team Foundation
Modified 2010-10-19T00:00:00

Description

A flaw in apr_palloc() in the bundled copy of APR could cause heap overflows in programs that call apr_palloc() with a user-controlled size. The Apache HTTP Server itself does not pass unsanitized user-provided sizes to this function, so the flaw could only be triggered through some other application that uses apr_palloc() in a vulnerable way.