CVE-2010-0010: Improper Restriction of Operations within the Bounds of a Memory Buffer in Apache Http Server

CWE-189 | 6 documents | 4 sources
Severity: 6.8 MEDIUM (NVD)
EPSS: 47.4% (top 2.30%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Feb 2
Latest update: May 2

Description

Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.

CVSS vector

AV:N/AC:M/C:P/I:P/A:P
Exploitability: 8.6 | Impact: 6.4

Affected Packages (1 package)

NVD | apache/http_server | 1.3.41 +45

Vulnerability Details (2)

GHSA | GHSA-8xvp-wq7g-q2vj: Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util | 2022-05-02
CVEList | CVE-2010-0010: Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util | 2010-02-02

Community (2)

Bugzilla | CVE-2010-0010 httpd (v1.3): mod_proxy overflow on 64-bit systems | 2010-02-03
Bugzilla | CVE-2010-0010 rhn-apache: buffer overflow via integer overflow vulnerability on 64bit platforms | 2010-01-27