CVE-2009-1956

Severity

64%

Complexity

99%

Confidentiality

81%

Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.

CVSS 2.0 Base Score 6.4. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:P).

Overview

Type

Apache Software Foundation Apache Portable Runtime Utility library (aka APR-util)

First reported 15 years ago

2009-06-08 01:00:00

Last updated 7 years ago

2017-09-29 01:34:00

Affected Software

Apache Software Foundation Apache Portable Runtime Utility library (aka APR-util): 0.9.1, 0.9.2, 0.9.3, 0.9.4, 0.9.5, 1.0, 1.0.1, 1.0.2, 1.1.0, 1.1.1, 1.1.2, 1.2.1, 1.2.2, 1.2.6, 1.2.7, 1.2.8, 1.3.0, 1.3.1, 1.3.2, 1.3.3

References

APPLE-SA-2009-11-09-1

HPSBUX02612

34724

35284

35395

35487

35565

35710

35797

35843

37221

GLSA-200907-03

http://support.apple.com/kb/HT3937

http://svn.apache.org/viewvc?view=rev&revision=768417

Patch

http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3

[dev] 20090424 Buffer overflow in apr_brigade_vprintf() ?

[dev] 20090424 Re: Buffer overflow in apr_brigade_vprintf() ?

MDVSA-2009:131

MDVSA-2013:150

[oss-security] 20090605 CVE Request (apr-util)

Exploit, Patch

http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html

RHSA-2009:1107

RHSA-2009:1108

35251

USN-786-1

USN-787-1

ADV-2009-1907

ADV-2009-3184

PK88341

PK91241

PK99478

http://www-01.ibm.com/support/docview.wss?uid=swg27014463

https://bugzilla.redhat.com/show_bug.cgi?id=504390

Exploit, Patch

[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

oval:org.mitre.oval:def:11567

oval:org.mitre.oval:def:12237

FEDORA-2009-6014

FEDORA-2009-6261

FEDORA-2009-5969

[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
