CVE-2009-1956
published 2009-06-08
medium 6.4 CVSS 3.1
AV:N/AC:L/Au:N/C:P/I:N/A:P
Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | apr-util | <= 1.3.4 | — |
| apache | apr-util | >= 0 < 1.3.7+dfsg-1 | 1.3.7+dfsg-1 |
| apache | apr-util | >= 0 < 1.3.7+dfsg-1 | 1.3.7+dfsg-1 |
| apache | apr-util | >= 0 < 1.3.7+dfsg-1 | 1.3.7+dfsg-1 |
| apache | apr-util | >= 0 < 1.3.7+dfsg-1 | 1.3.7+dfsg-1 |
| apache | http_server | >= 2.2.0 < 2.2.12 | 2.2.12 |
| apache | httpd | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | apr-util | < apr-util 1.3.7+dfsg-1 (bookworm) | apr-util 1.3.7+dfsg-1 (bookworm) |
CVSS provenance
nvd 6.4 MEDIUM AV:N/AC:L/Au:N/C:P/I:N/A:P
osv 6.4 MEDIUM