CVE-2009-2412

Опубликовано: 06 авг. 2009

Источник: nvd

CVSS2: 10

EPSS Низкий

Описание

Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:apache:apr-util:0.9.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:apr-util:0.9.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:apr-util:0.9.2-dev:*:*:*:*:*:*:*

cpe:2.3:a:apache:apr-util:0.9.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:apr-util:0.9.3-dev:*:*:*:*:*:*:*

cpe:2.3:a:apache:apr-util:0.9.4:*:*:*:*:*:*:*

cpe:2.3:a:apache:apr-util:0.9.5:*:*:*:*:*:*:*

cpe:2.3:a:apache:apr-util:0.9.6:*:*:*:*:*:*:*

cpe:2.3:a:apache:apr-util:0.9.7-dev:*:*:*:*:*:*:*

cpe:2.3:a:apache:apr-util:0.9.8:*:*:*:*:*:*:*

cpe:2.3:a:apache:apr-util:0.9.9:*:*:*:*:*:*:*

cpe:2.3:a:apache:apr-util:0.9.16:*:*:*:*:*:*:*

cpe:2.3:a:apache:apr-util:1.3.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:apr-util:1.3.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:apr-util:1.3.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:apr-util:1.3.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:apr-util:1.3.4:*:*:*:*:*:*:*

cpe:2.3:a:apache:apr-util:1.3.4-dev:*:*:*:*:*:*:*

cpe:2.3:a:apache:apr-util:1.3.5:*:*:*:*:*:*:*

cpe:2.3:a:apache:apr-util:1.3.6:*:*:*:*:*:*:*

cpe:2.3:a:apache:apr-util:1.3.6-dev:*:*:*:*:*:*:*

cpe:2.3:a:apache:apr-util:1.3.7:*:*:*:*:*:*:*

cpe:2.3:a:apache:apr-util:1.3.8:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime:0.9.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime:0.9.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime:0.9.2-dev:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime:0.9.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime:0.9.3-dev:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime:0.9.4:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime:0.9.5:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime:0.9.6:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime:0.9.7:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime:0.9.7-dev:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime:0.9.8:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime:0.9.9:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime:0.9.16-dev:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime:1.3.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime:1.3.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime:1.3.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime:1.3.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime:1.3.4:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime:1.3.4-dev:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime:1.3.5:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime:1.3.6:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime:1.3.6-dev:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime:1.3.7:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime:1.3.8:*:*:*:*:*:*:*

EPSS

Процентиль: 90%

0.05557

Низкий

10 Critical

CVSS2

Дефекты

CWE-189

Связанные уязвимости

CVE-2009-2412

ubuntu

почти 16 лет назад

CVE-2009-2412

redhat

почти 16 лет назад

CVE-2009-2412

debian

почти 16 лет назад

Multiple integer overflows in the Apache Portable Runtime (APR) librar ...

GHSA-8g6v-29rv-3j6m

github

около 3 лет назад

ELSA-2009-1204

oracle-oval

почти 16 лет назад

ELSA-2009-1204: apr and apr-util security update (MODERATE)

EPSS

Процентиль: 90%

0.05557

Низкий

10 Critical

CVSS2

Дефекты

CWE-189