rpm package
opensuse/apr-util&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/apr-util&distro=openSUSE%20Tumbleweed
Vulnerabilities (7)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-25147 | — | | | < 1.6.3-1.1 | 1.6.3-1.1 | Jan 31, 2023 | Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime Utility (APR-util) 1.6.1 and prior versions. |
| CVE-2017-12618 | Med | 4.7 | | < 1.6.1-7.8 | 1.6.1-7.8 | Oct 24, 2017 | Apache Portable Runtime Utility (APR-util) 1.6.0 and prior fail to validate the integrity of SDBM database files used by apr_sdbm*() functions, resulting in a possible out of bound read access. A local user with write access to the database can make a program or process using the |
| CVE-2010-1623 | — | | | < 1.5.4-4.4 | 1.5.4-4.4 | Oct 4, 2010 | Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of |
| CVE-2009-3560 | — | | | < 1.5.4-4.4 | 1.5.4-4.4 | Dec 4, 2009 | The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, re |
| CVE-2009-3720 | — | | | < 1.5.4-4.4 | 1.5.4-4.4 | Nov 3, 2009 | The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger |
| CVE-2009-2412 | — | | | < 1.5.4-4.4 | 1.5.4-4.4 | Aug 6, 2009 | Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger craft |
| CVE-2009-0023 | — | | | < 1.5.4-4.4 | 1.5.4-4.4 | Jun 8, 2009 | The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in |