Debian Apr-Util vulnerabilities

8 known vulnerabilities affecting debian/apr-util.

Total CVEs: 8
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 1, MEDIUM 4, LOW 3

Vulnerabilities

CVE-2022-25147 | MEDIUM | CVSS 6.5 | fixed in apr-util 1.6.3-1 (bookworm) | 2022
[MEDIUM] apr-util: Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime Utility (APR-util) 1.6.1 and prior versions. Scope: local. bookworm: resolved (fixed in 1.6.3-1); bullseye: resolved (fixed in 1.6.1-5+deb11u1); forky: res
debian
CVE-2017-12618 | LOW | CVSS 4.7 | fixed in apr-util 1.6.1-1 (bookworm) | 2017
[MEDIUM] apr-util: Apache Portable Runtime Utility (APR-util) 1.6.0 and prior fail to validate the integrity of SDBM database files used by apr_sdbm*() functions, resulting in a possible out of bound read access. A local user with write access to the database can make a program or process using these functions crash, and cause a denial of service. Scope: local. bookworm: resolved (f
CVE-2016-6312 | LOW | CVSS 7.5 | 2016
[HIGH] apr-util: The mod_dontdothat component of the mod_dav_svn Apache module in Subversion as packaged in Red Hat Enterprise Linux 5.11 does not properly detect recursion during entity expansion, which allows remote authenticated users with access to the webdav repository to cause a denial of service (memory consumption and httpd crash). NOTE: Exists as a regression to CVE-2009-195
CVE-2010-1623 | MEDIUM | CVSS 5.0 | fixed in apache2 2.2.16-3 (bookworm) | 2010
[MEDIUM] apache2: Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an A
CVE-2009-2412 | CRITICAL | CVSS 10.0 | fixed in apr 1.3.8-1 (bookworm) | 2009
[CRITICAL] apr: Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c
CVE-2009-0023 | MEDIUM | CVSS 4.3 | fixed in apr-util 1.3.7+dfsg-1 (bookworm) | 2009
[MEDIUM] apr-util: The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Ap
CVE-2009-1955 | MEDIUM | CVSS 6.5 | PoC | fixed in apr-util 1.3.7+dfsg-1 (bookworm) | 2009
[MEDIUM] apr-util: The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request,
CVE-2009-1956 | LOW | CVSS 6.4 | fixed in apr-util 1.3.7+dfsg-1 (bookworm) | 2009
[MEDIUM] apr-util: Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input. Scope: local. bookworm: resolved (fixed in 1.3.7+dfsg-1); bullseye: resolved (fixed in 1.3.7+dfsg-1); forky: resolved (fixed in 1.3.7+dfs