CVSS2
Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |

AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS Percentile: 95.8%

Multiple integer overflows in the Apache Portable Runtime (APR) library and
the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow
remote attackers to cause a denial of service (application crash) or
possibly execute arbitrary code via vectors that trigger crafted calls to
the (1) allocator_alloc or (2) apr_palloc function in
memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc,
(4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in
APR-util; leading to buffer overflows. NOTE: some of these details are
obtained from third party information.
Author | Note |
---|---|
jdstrand | apache2 on hardy and higher uses system apr and apr-util |
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 6.06 | noarch | apache2 | < 2.0.55-4ubuntu2.7 | UNKNOWN |
ubuntu | 8.04 | noarch | apr | < 1.2.11-1ubuntu0.1 | UNKNOWN |
ubuntu | 8.10 | noarch | apr | < 1.2.12-4ubuntu0.1 | UNKNOWN |
ubuntu | 9.04 | noarch | apr | < 1.2.12-5ubuntu0.1 | UNKNOWN |
ubuntu | 8.04 | noarch | apr-util | < 1.2.12+dfsg-3ubuntu0.2 | UNKNOWN |
ubuntu | 8.10 | noarch | apr-util | < 1.2.12+dfsg-7ubuntu0.3 | UNKNOWN |
ubuntu | 9.04 | noarch | apr-util | < 1.2.12+dfsg-8ubuntu0.3 | UNKNOWN |