CVE-2009-2412
Severity
10.0CRITICAL
EPSS
7.8%
top 8.06%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedAug 6
Latest updateMay 2
Description
Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-u…
CVSS vector
AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0
Affected Packages4 packages
Patches
🔴Vulnerability Details
3GHSA▶
GHSA-8g6v-29rv-3j6m: Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0↗2022-05-02
OSV▶
CVE-2009-2412: Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0↗2009-08-06
CVEList▶
CVE-2009-2412: Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0↗2009-08-06
📋Vendor Advisories
7💬Community
1Bugzilla▶
CVE-2009-2412 apr, apr-util: Integer overflows in memory pool (apr) and relocatable memory (apr-util) management↗2009-08-05