Total vulnerabilities in the database
The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
| Software | From | Fixed in |
|---|---|---|
| apache / apr-util | 1.3.3 | 1.3.3.x |
| apache / apr-util | 1.2.7 | 1.2.7.x |
| apache / apr-util | 1.2.8 | 1.2.8.x |
| apache / apr-util | 1.2.2 | 1.2.2.x |
| apache / apr-util | 1.3.0 | 1.3.0.x |
| apache / apr-util | 0.9.4 | 0.9.4.x |
| apache / apr-util | 1.0.2 | 1.0.2.x |
| apache / apr-util | 1.0 | 1.0.x |
| apache / apr-util | 1.2.1 | 1.2.1.x |
| apache / apr-util | 0.9.3 | 0.9.3.x |
| apache / apr-util | 1.1.0 | 1.1.0.x |
| apache / apr-util | 0.9.1 | 0.9.1.x |
| apache / apr-util | - | 1.3.4.x |
| apache / apr-util | 1.3.1 | 1.3.1.x |
| apache / apr-util | 0.9.2 | 0.9.2.x |
| apache / apr-util | 1.3.2 | 1.3.2.x |
| apache / apr-util | 1.1.1 | 1.1.1.x |
| apache / apr-util | 1.1.2 | 1.1.2.x |
| apache / apr-util | 1.2.6 | 1.2.6.x |
| apache / apr-util | 1.0.1 | 1.0.1.x |
| apache / apr-util | 0.9.5 | 0.9.5.x |
| apache / http_server | 2.2.0 | 2.2.12 |