VYPR

rpm package

opensuse/apr-util&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/apr-util&distro=openSUSE%20Tumbleweed

Vulnerabilities (7)

  • CVE-2022-25147Jan 31, 2023
    affected < 1.6.3-1.1fixed 1.6.3-1.1

    Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime Utility (APR-util) 1.6.1 and prior versions.

  • CVE-2017-12618MedOct 24, 2017
    affected < 1.6.1-7.8fixed 1.6.1-7.8

    Apache Portable Runtime Utility (APR-util) 1.6.0 and prior fail to validate the integrity of SDBM database files used by apr_sdbm*() functions, resulting in a possible out of bound read access. A local user with write access to the database can make a program or process using the

  • CVE-2010-1623Oct 4, 2010
    affected < 1.5.4-4.4fixed 1.5.4-4.4

    Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of

  • CVE-2009-3560Dec 4, 2009
    affected < 1.5.4-4.4fixed 1.5.4-4.4

    The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, re

  • CVE-2009-3720Nov 3, 2009
    affected < 1.5.4-4.4fixed 1.5.4-4.4

    The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger

  • CVE-2009-2412Aug 6, 2009
    affected < 1.5.4-4.4fixed 1.5.4-4.4

    Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger craft

  • CVE-2009-0023Jun 8, 2009
    affected < 1.5.4-4.4fixed 1.5.4-4.4

    The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in