5

CVE-2010-1623

Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheApr-util Version <= 1.3.9
ApacheApr-util Version0.9.1
ApacheApr-util Version0.9.2
ApacheApr-util Version0.9.3
ApacheApr-util Version0.9.4
ApacheApr-util Version0.9.5
ApacheApr-util Version0.9.6
ApacheApr-util Version0.9.7
ApacheApr-util Version0.9.8
ApacheApr-util Version0.9.9
ApacheApr-util Version0.9.10
ApacheApr-util Version0.9.11
ApacheApr-util Version0.9.12
ApacheApr-util Version0.9.13
ApacheApr-util Version0.9.14
ApacheApr-util Version0.9.15
ApacheApr-util Version0.9.16
ApacheApr-util Version0.9.17
ApacheApr-util Version0.9.18
ApacheApr-util Version1.0
ApacheApr-util Version1.0.1
ApacheApr-util Version1.0.2
ApacheApr-util Version1.1.0
ApacheApr-util Version1.1.1
ApacheApr-util Version1.1.2
ApacheApr-util Version1.2.1
ApacheApr-util Version1.2.2
ApacheApr-util Version1.2.6
ApacheApr-util Version1.2.7
ApacheApr-util Version1.2.8
ApacheApr-util Version1.2.9
ApacheApr-util Version1.2.10
ApacheApr-util Version1.2.12
ApacheApr-util Version1.2.13
ApacheApr-util Version1.3.0
ApacheApr-util Version1.3.1
ApacheApr-util Version1.3.2
ApacheApr-util Version1.3.3
ApacheApr-util Version1.3.4
ApacheApr-util Version1.3.5
ApacheApr-util Version1.3.6
ApacheApr-util Version1.3.7
ApacheApr-util Version1.3.8
ApacheHTTP Server Version >= 2.0.35 < 2.0.64
ApacheHTTP Server Version >= 2.2.0 < 2.2.17
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 20.17% 0.971
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
Third Party Advisory
Mailing List
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
Third Party Advisory
Mailing List
https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E
Third Party Advisory
Mailing List
https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E
Third Party Advisory
Mailing List
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
Third Party Advisory
Mailing List
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
Third Party Advisory
Mailing List
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
Third Party Advisory
Mailing List
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
Third Party Advisory
Mailing List
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E
Third Party Advisory
Mailing List
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
Third Party Advisory
Mailing List
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
Third Party Advisory
Mailing List
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
Third Party Advisory
Mailing List
https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E
Third Party Advisory
Mailing List
https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E
Third Party Advisory
Mailing List
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
Third Party Advisory
Mailing List
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
Third Party Advisory
Mailing List
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
Third Party Advisory
Mailing List
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
Third Party Advisory
Mailing List
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
Third Party Advisory
Mailing List
http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3
URL Repurposed
https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3Ccvs.httpd.apache.org%3E
Third Party Advisory
Mailing List
http://www.redhat.com/support/errata/RHSA-2011-0896.html
Vendor Advisory
http://marc.info/?l=bugtraq&m=130168502603566&w=2
Third Party Advisory
Mailing List
http://secunia.com/advisories/41701
Vendor Advisory
https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d%40%3Ccvs.httpd.apache.org%3E
Third Party Advisory
Mailing List
https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75%40%3Ccvs.httpd.apache.org%3E
Third Party Advisory
Mailing List
http://www.redhat.com/support/errata/RHSA-2011-0897.html
Vendor Advisory
http://secunia.com/advisories/42367
Vendor Advisory
http://ubuntu.com/usn/usn-1021-1
Third Party Advisory
http://www.vupen.com/english/advisories/2010/3064
Vendor Advisory
http://blogs.sun.com/security/entry/cve_2010_1623_memory_leak
Third Party Advisory
Mailing List
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049885.html
Third Party Advisory
Mailing List
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049939.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html
Third Party Advisory
Mailing List
http://secunia.com/advisories/42015
Vendor Advisory
http://secunia.com/advisories/42361
Vendor Advisory
http://secunia.com/advisories/42403
Vendor Advisory
http://secunia.com/advisories/42537
Vendor Advisory
http://secunia.com/advisories/43211
Vendor Advisory
http://secunia.com/advisories/43285
Vendor Advisory
http://security-tracker.debian.org/tracker/CVE-2010-1623
Third Party Advisory
http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.627828
Third Party Advisory
Mailing List
http://svn.apache.org/viewvc?view=revision&revision=1003492
Patch
http://svn.apache.org/viewvc?view=revision&revision=1003493
Patch
http://svn.apache.org/viewvc?view=revision&revision=1003494
Patch
http://svn.apache.org/viewvc?view=revision&revision=1003495
Patch
http://svn.apache.org/viewvc?view=revision&revision=1003626
Patch
http://www-01.ibm.com/support/docview.wss?uid=swg1PM31601
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2010:192
URL Repurposed
http://www.redhat.com/support/errata/RHSA-2010-0950.html
Vendor Advisory
http://www.securityfocus.com/bid/43673
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/USN-1022-1
Third Party Advisory
http://www.vupen.com/english/advisories/2010/2556
Patch
Vendor Advisory
http://www.vupen.com/english/advisories/2010/2557
Vendor Advisory
http://www.vupen.com/english/advisories/2010/2806
Vendor Advisory
http://www.vupen.com/english/advisories/2010/3065
Vendor Advisory
http://www.vupen.com/english/advisories/2010/3074
Vendor Advisory
http://www.vupen.com/english/advisories/2011/0358
Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12800
Third Party Advisory
Mailing List