CVE-2009-0023

CWE-119 Buffer Overflow | 15 documents | 9 sources
Severity: 4.3 MEDIUM
EPSS: 14.8% (top 5.50%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jun 8
Latest update: May 2

Description

The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.

CVSS vector

AV:N/AC:M/C:N/I:N/A:P
Exploitability: 8.6 | Impact: 2.9

Affected Packages (3 packages)

NVD: apache/http_server 2.2.0 2.2.12
NVD: apache/apr-util 1.3.4 +20
Debian: apr-util < 1.3.7+dfsg-1 +3

Patches

🔴 Vulnerability Details (3)

GHSA: GHSA-8jp8-5574-2q6q: The apr_strmatch_precompile function in strmatch/apr_strmatch (2022-05-02)
OSV: CVE-2009-0023: The apr_strmatch_precompile function in strmatch/apr_strmatch (2009-06-08)
CVEList: CVE-2009-0023: The apr_strmatch_precompile function in strmatch/apr_strmatch (2009-06-06)

💥 Exploits & PoCs (5)

Exploit-DB: WarFTPd 1.82.00-RC12 - 'LIST' Format String Denial of Service (2009-09-10)
Exploit-DB: Music Tag Editor 1.61 build 212 - Remote Buffer Overflow (PoC) (2009-07-16)
Exploit-DB: ICQ 6.5 - URL Search Hook (Windows Explorer) Remote Buffer Overflow (PoC) (2009-06-01)
Exploit-DB: 32bit FTP (09.04.24) - 'Banner' Remote Buffer Overflow (PoC) (2009-05-05)
Exploit-DB: Elecard MPEG Player 5.5 - '.m3u' Stack Buffer Overflow (PoC) (2009-01-01)

📋 Vendor Advisories (4)

Ubuntu: Apache vulnerabilities (2009-06-11)
Ubuntu: apr-util vulnerabilities (2009-06-10)
Red Hat: apr-util heap buffer underwrite (2009-06-03)
Debian: CVE-2009-0023: apr-util - The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-ut... (2009)

💬 Community (2)

Bugzilla: Moodle: Multiple security fixes in 1.9.7 and 1.8.11 upstream releases (2009-12-06)
Bugzilla: CVE-2009-0023 apr-util heap buffer underwrite (2009-06-03)