Vulnerability Database

CVE-2009-2412

Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information.

  • Published: Aug 6, 2009
  • Updated: Nov 8, 2023
  • CVE: CVE-2009-2412
  • Severity: High
  • Exploit:

CVSS v2:

  • Severity: High
  • Score: 10
  • AV:N/AC:L/Au:N/C:C/I:C/A:C

CWEs:

Software | From | Fixed in
apache / apr-util | 1.3.6-dev | 1.3.6-dev.x
apache / portable_runtime | 1.3.6-dev | 1.3.6-dev.x
apache / portable_runtime | 1.3.7 | 1.3.7.x
apache / apr-util | 1.3.6 | 1.3.6.x
apache / apr-util | 0.9.2-dev | 0.9.2-dev.x
apache / apr-util | 1.3.3 | 1.3.3.x
apache / apr-util | 0.9.9 | 0.9.9.x
apache / portable_runtime | 0.9.7-dev | 0.9.7-dev.x
apache / portable_runtime | 1.3.3 | 1.3.3.x
apache / portable_runtime | 0.9.6 | 0.9.6.x
apache / portable_runtime | 0.9.16-dev | 0.9.16-dev.x
apache / portable_runtime | 0.9.8 | 0.9.8.x
apache / portable_runtime | 1.3.1 | 1.3.1.x
apache / portable_runtime | 1.3.2 | 1.3.2.x
apache / portable_runtime | 1.3.4 | 1.3.4.x
apache / apr-util | 1.3.0 | 1.3.0.x
apache / apr-util | 1.3.4 | 1.3.4.x
apache / apr-util | 0.9.4 | 0.9.4.x
apache / portable_runtime | 0.9.4 | 0.9.4.x
apache / apr-util | 0.9.3 | 0.9.3.x
apache / portable_runtime | 0.9.3 | 0.9.3.x
apache / apr-util | 0.9.7-dev | 0.9.7-dev.x
apache / portable_runtime | 0.9.1 | 0.9.1.x
apache / portable_runtime | 0.9.5 | 0.9.5.x
apache / apr-util | 0.9.3-dev | 0.9.3-dev.x
apache / portable_runtime | 1.3.8 | 1.3.8.x
apache / apr-util | 0.9.1 | 0.9.1.x
apache / apr-util | 0.9.6 | 0.9.6.x
apache / apr-util | 1.3.1 | 1.3.1.x
apache / apr-util | 1.3.5 | 1.3.5.x
apache / apr-util | 0.9.2 | 0.9.2.x
apache / apr-util | 1.3.2 | 1.3.2.x
apache / apr-util | 1.3.4-dev | 1.3.4-dev.x
apache / portable_runtime | 0.9.7 | 0.9.7.x
apache / portable_runtime | 0.9.2-dev | 0.9.2-dev.x
apache / apr-util | 1.3.7 | 1.3.7.x
apache / portable_runtime | 0.9.2 | 0.9.2.x
apache / portable_runtime | 1.3.6 | 1.3.6.x
apache / portable_runtime | 0.9.9 | 0.9.9.x
apache / apr-util | 0.9.8 | 0.9.8.x
apache / portable_runtime | 1.3.5 | 1.3.5.x
apache / apr-util | 0.9.16 | 0.9.16.x
apache / portable_runtime | 0.9.3-dev | 0.9.3-dev.x
apache / portable_runtime | 1.3.4-dev | 1.3.4-dev.x
apache / portable_runtime | 1.3.0 | 1.3.0.x
apache / apr-util | 1.3.8 | 1.3.8.x
apache / apr-util | 0.9.5 | 0.9.5.x