CVE-2010-1623

2010-10-0400:00:00

ubuntu.com

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.425 Medium

EPSS

Percentile

97.3%

JSON

Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c
in the Apache Portable Runtime Utility library (aka APR-util) before
1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and
other software, allows remote attackers to cause a denial of service
(memory consumption) via unspecified vectors related to the destruction of
an APR bucket.

Notes

Author	Note
mdeslaur	will be fixed in apache2 2.2.17. apache2 has an embedded code copy of apr-util. Dapper uses the embedded version, hardy+ uses the system apr-util. apache2 2.2.15+ also use the code in mod_reqtimeout lucid mod_reqtimeout backport already contains this fix

OSVersionArchitecturePackageVersionFilename
ubuntu6.06noarchapache2< 2.0.55-4ubuntu2.12UNKNOWN
ubuntu10.10noarchapache2< 2.2.16-1ubuntu3.1UNKNOWN
ubuntu8.04noarchapr-util< 1.2.12+dfsg-3ubuntu0.3UNKNOWN
ubuntu9.10noarchapr-util< 1.3.9+dfsg-1ubuntu1.1UNKNOWN
ubuntu10.04noarchapr-util< 1.3.9+dfsg-3ubuntu0.10.04.1UNKNOWN
ubuntu10.10noarchapr-util< 1.3.9+dfsg-3ubuntu0.10.10.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	6.06	noarch	apache2	< 2.0.55-4ubuntu2.12	UNKNOWN
ubuntu	10.10	noarch	apache2	< 2.2.16-1ubuntu3.1	UNKNOWN
ubuntu	8.04	noarch	apr-util	< 1.2.12+dfsg-3ubuntu0.3	UNKNOWN
ubuntu	9.10	noarch	apr-util	< 1.3.9+dfsg-1ubuntu1.1	UNKNOWN
ubuntu	10.04	noarch	apr-util	< 1.3.9+dfsg-3ubuntu0.10.04.1	UNKNOWN
ubuntu	10.10	noarch	apr-util	< 1.3.9+dfsg-3ubuntu0.10.10.1	UNKNOWN