CVE-2010-1623

CWE-119 — Buffer Overflow10 documents9 sources

Severity

5.0MEDIUM

EPSS

32.6%

top 3.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Http Server Apache Apr-util

Timeline

PublishedOct 4

Latest updateMay 13

Description

Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages4 packages

▶NVDapache/http_server2.0.35 — 2.0.64+1

▶NVDapache/apr-util1.3.9+42

▶Debianapache2< 2.2.16-3+3

▶Debianapr-util< 1.3.9+dfsg-4+3

Patches

Patch: svn.apache.org ↗Patch: svn.apache.org ↗Patch: svn.apache.org ↗

🔴Vulnerability Details

GHSA

GHSA-2cc8-vf33-qm9m: Memory leak in the apr_brigade_split_line function in buckets/apr_brigade↗2022-05-13

▶

CVEList

CVE-2010-1623: Memory leak in the apr_brigade_split_line function in buckets/apr_brigade↗2010-10-04

▶

OSV

CVE-2010-1623: Memory leak in the apr_brigade_split_line function in buckets/apr_brigade↗2010-10-04

▶

📋Vendor Advisories

Ubuntu

APR-util vulnerability↗2010-11-25

▶

Ubuntu

Apache vulnerabilities↗2010-11-25

▶

Red Hat

apr-util: high memory consumption in apr_brigade_split_line()↗2010-10-01

▶

Debian

CVE-2010-1623: apache2 - Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in t...↗2010

▶

Apache

Apache httpd: CVE-2010-1623↗

▶

💬Community

Bugzilla

CVE-2010-1623 apr-util: high memory consumption in apr_brigade_split_line()↗2010-10-05

▶