EUVD-2009-1951

Malware in sbrugna...

Apache APR 'apr_fnmatch()'拒绝服务漏洞

gtraq ID: 47820 CVE ID：CVE-2011-0419 Apache APR-util是一款可移植运行库，全名为Apache Portable Runtime。 当处理某些模式时"aprfnmatch"函数存在循环递归错误，通过提交包含通配符如""的特制请求时可触发基于栈的溢出 Apache APR 1.x 厂商解决方案 Apache Software Foundation APR 1.4.4 已经修复此漏洞，建议用户下载使用： http://www.apache.org/dist/apr/CHANGES-APR-1.4...

Mandriva Security Advisory MDVSA-2009:314 (apr)

The remote host is missing an update to apr announced via advisory MDVSA-2009:314. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-on...

Apache APR和APR-util整数溢出漏洞

Bugraq ID: 35949 CVE ID：CVE-2009-2412 Apache APR-util是一款可移植运行库，全名为Apache Portable Runtime。 Apache APR Apache Portable Runtime和'APR-util'存在整数溢出，远程攻击者可以利用漏洞以利用此库的应用程序安全上下文执行任意代码。 -当对齐重定位内存块时memory/unix/aprpools.c存在整数溢出错误，可导致缓冲区溢出。 -当对齐重定位内存块时misc/aprrmm.c中的"aprrmmmalloc", "aprrmmcalloc",...

Heap overflow

The aprstrmatchprecompile function in strmatch/aprstrmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service daemon crash via crafted input involving 1 a .htaccess file used with the Apache HTTP Server, 2 the SVNMasterURI directive in the moddavsvn module in t...

CVE-2009-1956

Off-by-one error in the aprbrigadevprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service application crash via crafted input...