// For flags

CVE-2009-2412

apr-util: Integer overflows in memory pool (apr) and relocatable memory (apr-util) management

Severity Score

8.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

3
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information.

Múltiples desbordamientos de entero en la biblioteca Apache Portable Runtime (APR) y en la biblioteca Apache Portable Utility (alias ARP-util) v0.9.x y v1.3.x permite a atacantes remotos provocar una denegación de servicio (cuelgue de aplicación) o posiblemente ejecutar código arbitrario a través de vectores que disparan las llamadas manipuladas a funciones (1) allocator_alloc o (2) apr_palloc en memory/unix/apr_pools.c en APR; o llamadas manipuladas a funciones (3) apr_rmm_malloc, (4) apr_rmm_calloc, o (5) apr_rmm_realloc en misc/apr_rmm.c en APR-util; desencadenando en desbordamientos de búfer. NOTA: algunos de estos detalles se obtienen a partir de información de terceros.

Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information. This update provides fixes for these vulnerabilities. apr-util packages were missing for Mandriva Enterprise Server 5 i586, this has been addressed with this update.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2009-07-09 CVE Reserved
  • 2009-08-06 CVE Published
  • 2024-08-07 CVE Updated
  • 2024-08-07 First Exploit
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-189: Numeric Errors
  • CWE-190: Integer Overflow or Wraparound
CAPEC
References (53)
URL Tag Source
http://osvdb.org/56765 Vdb Entry
http://osvdb.org/56766 Vdb Entry
http://secunia.com/advisories/36166 Third Party Advisory
http://secunia.com/advisories/36233 Third Party Advisory
http://secunia.com/advisories/37152 Third Party Advisory
http://secunia.com/advisories/37221 Third Party Advisory
http://support.apple.com/kb/HT3937 X_refsource_confirm
http://svn.apache.org/viewvc/apr/apr-util/branches/0.9.x/misc/apr_rmm.c?r1=230441&r2=800736 X_refsource_confirm
http://svn.apache.org/viewvc/apr/apr-util/branches/1.3.x/misc/apr_rmm.c?r1=647687&r2=800735 X_refsource_confirm
http://svn.apache.org/viewvc/apr/apr/branches/0.9.x/CHANGES?revision=800733&view=markup X_refsource_confirm
http://svn.apache.org/viewvc/apr/apr/branches/1.3.x/CHANGES?revision=800732&view=markup X_refsource_confirm
http://svn.apache.org/viewvc/apr/apr/branches/1.3.x/memory/unix/apr_pools.c?r1=678140&r2=800732 X_refsource_confirm
http://www.vupen.com/english/advisories/2009/3184 Vdb Entry
http://www.vupen.com/english/advisories/2010/1107 Vdb Entry
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E Mailing List
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8394 Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9958 Signature
URL Date SRC
http://svn.apache.org/viewvc/apr/apr-util/branches/0.9.x/CHANGES?revision=800736&view=markup 2024-08-07
http://svn.apache.org/viewvc/apr/apr-util/branches/1.3.x/CHANGES?revision=800735&view=markup 2024-08-07
http://svn.apache.org/viewvc/apr/apr/branches/0.9.x/memory/unix/apr_pools.c?r1=585356&r2=800733 2024-08-07
URL Date SRC
http://www.securityfocus.com/bid/35949 2023-11-07
URL Date SRC
http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html 2023-11-07
http://secunia.com/advisories/36138 2023-11-07
http://secunia.com/advisories/36140 2023-11-07
http://www-01.ibm.com/support/docview.wss?uid=swg1PK93225 2023-11-07
http://www-01.ibm.com/support/docview.wss?uid=swg1PK99482 2023-11-07
http://www.mandriva.com/security/advisories?name=MDVSA-2009:195 2023-11-07
http://www.ubuntu.com/usn/usn-813-2 2023-11-07
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00320.html 2023-11-07
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00353.html 2023-11-07
https://access.redhat.com/security/cve/CVE-2009-2412 2010-08-04
https://bugzilla.redhat.com/show_bug.cgi?id=515698 2010-08-04
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Apache
Search vendor "Apache"
 Apr-util
Search vendor "Apache" for product "Apr-util"
 0.9.1
Search vendor "Apache" for product "Apr-util" and version "0.9.1"
-
Affected
Apache
Search vendor "Apache"
 Apr-util
Search vendor "Apache" for product "Apr-util"
 0.9.2
Search vendor "Apache" for product "Apr-util" and version "0.9.2"
-
Affected
Apache
Search vendor "Apache"
 Apr-util
Search vendor "Apache" for product "Apr-util"
 0.9.2-dev
Search vendor "Apache" for product "Apr-util" and version "0.9.2-dev"
-
Affected
Apache
Search vendor "Apache"
 Apr-util
Search vendor "Apache" for product "Apr-util"
 0.9.3
Search vendor "Apache" for product "Apr-util" and version "0.9.3"
-
Affected
Apache
Search vendor "Apache"
 Apr-util
Search vendor "Apache" for product "Apr-util"
 0.9.3-dev
Search vendor "Apache" for product "Apr-util" and version "0.9.3-dev"
-
Affected
Apache
Search vendor "Apache"
 Apr-util
Search vendor "Apache" for product "Apr-util"
 0.9.4
Search vendor "Apache" for product "Apr-util" and version "0.9.4"
-
Affected
Apache
Search vendor "Apache"
 Apr-util
Search vendor "Apache" for product "Apr-util"
 0.9.5
Search vendor "Apache" for product "Apr-util" and version "0.9.5"
-
Affected
Apache
Search vendor "Apache"
 Apr-util
Search vendor "Apache" for product "Apr-util"
 0.9.6
Search vendor "Apache" for product "Apr-util" and version "0.9.6"
-
Affected
Apache
Search vendor "Apache"
 Apr-util
Search vendor "Apache" for product "Apr-util"
 0.9.7-dev
Search vendor "Apache" for product "Apr-util" and version "0.9.7-dev"
-
Affected
Apache
Search vendor "Apache"
 Apr-util
Search vendor "Apache" for product "Apr-util"
 0.9.8
Search vendor "Apache" for product "Apr-util" and version "0.9.8"
-
Affected
Apache
Search vendor "Apache"
 Apr-util
Search vendor "Apache" for product "Apr-util"
 0.9.9
Search vendor "Apache" for product "Apr-util" and version "0.9.9"
-
Affected
Apache
Search vendor "Apache"
 Apr-util
Search vendor "Apache" for product "Apr-util"
 0.9.16
Search vendor "Apache" for product "Apr-util" and version "0.9.16"
-
Affected
Apache
Search vendor "Apache"
 Apr-util
Search vendor "Apache" for product "Apr-util"
 1.3.0
Search vendor "Apache" for product "Apr-util" and version "1.3.0"
-
Affected
Apache
Search vendor "Apache"
 Apr-util
Search vendor "Apache" for product "Apr-util"
 1.3.1
Search vendor "Apache" for product "Apr-util" and version "1.3.1"
-
Affected
Apache
Search vendor "Apache"
 Apr-util
Search vendor "Apache" for product "Apr-util"
 1.3.2
Search vendor "Apache" for product "Apr-util" and version "1.3.2"
-
Affected
Apache
Search vendor "Apache"
 Apr-util
Search vendor "Apache" for product "Apr-util"
 1.3.3
Search vendor "Apache" for product "Apr-util" and version "1.3.3"
-
Affected
Apache
Search vendor "Apache"
 Apr-util
Search vendor "Apache" for product "Apr-util"
 1.3.4
Search vendor "Apache" for product "Apr-util" and version "1.3.4"
-
Affected
Apache
Search vendor "Apache"
 Apr-util
Search vendor "Apache" for product "Apr-util"
 1.3.4-dev
Search vendor "Apache" for product "Apr-util" and version "1.3.4-dev"
-
Affected
Apache
Search vendor "Apache"
 Apr-util
Search vendor "Apache" for product "Apr-util"
 1.3.5
Search vendor "Apache" for product "Apr-util" and version "1.3.5"
-
Affected
Apache
Search vendor "Apache"
 Apr-util
Search vendor "Apache" for product "Apr-util"
 1.3.6
Search vendor "Apache" for product "Apr-util" and version "1.3.6"
-
Affected
Apache
Search vendor "Apache"
 Apr-util
Search vendor "Apache" for product "Apr-util"
 1.3.6-dev
Search vendor "Apache" for product "Apr-util" and version "1.3.6-dev"
-
Affected
Apache
Search vendor "Apache"
 Apr-util
Search vendor "Apache" for product "Apr-util"
 1.3.7
Search vendor "Apache" for product "Apr-util" and version "1.3.7"
-
Affected
Apache
Search vendor "Apache"
 Apr-util
Search vendor "Apache" for product "Apr-util"
 1.3.8
Search vendor "Apache" for product "Apr-util" and version "1.3.8"
-
Affected
Apache
Search vendor "Apache"
 Portable Runtime
Search vendor "Apache" for product "Portable Runtime"
 0.9.1
Search vendor "Apache" for product "Portable Runtime" and version "0.9.1"
-
Affected
Apache
Search vendor "Apache"
 Portable Runtime
Search vendor "Apache" for product "Portable Runtime"
 0.9.2
Search vendor "Apache" for product "Portable Runtime" and version "0.9.2"
-
Affected
Apache
Search vendor "Apache"
 Portable Runtime
Search vendor "Apache" for product "Portable Runtime"
 0.9.2-dev
Search vendor "Apache" for product "Portable Runtime" and version "0.9.2-dev"
-
Affected
Apache
Search vendor "Apache"
 Portable Runtime
Search vendor "Apache" for product "Portable Runtime"
 0.9.3
Search vendor "Apache" for product "Portable Runtime" and version "0.9.3"
-
Affected
Apache
Search vendor "Apache"
 Portable Runtime
Search vendor "Apache" for product "Portable Runtime"
 0.9.3-dev
Search vendor "Apache" for product "Portable Runtime" and version "0.9.3-dev"
-
Affected
Apache
Search vendor "Apache"
 Portable Runtime
Search vendor "Apache" for product "Portable Runtime"
 0.9.4
Search vendor "Apache" for product "Portable Runtime" and version "0.9.4"
-
Affected
Apache
Search vendor "Apache"
 Portable Runtime
Search vendor "Apache" for product "Portable Runtime"
 0.9.5
Search vendor "Apache" for product "Portable Runtime" and version "0.9.5"
-
Affected
Apache
Search vendor "Apache"
 Portable Runtime
Search vendor "Apache" for product "Portable Runtime"
 0.9.6
Search vendor "Apache" for product "Portable Runtime" and version "0.9.6"
-
Affected
Apache
Search vendor "Apache"
 Portable Runtime
Search vendor "Apache" for product "Portable Runtime"
 0.9.7
Search vendor "Apache" for product "Portable Runtime" and version "0.9.7"
-
Affected
Apache
Search vendor "Apache"
 Portable Runtime
Search vendor "Apache" for product "Portable Runtime"
 0.9.7-dev
Search vendor "Apache" for product "Portable Runtime" and version "0.9.7-dev"
-
Affected
Apache
Search vendor "Apache"
 Portable Runtime
Search vendor "Apache" for product "Portable Runtime"
 0.9.8
Search vendor "Apache" for product "Portable Runtime" and version "0.9.8"
-
Affected
Apache
Search vendor "Apache"
 Portable Runtime
Search vendor "Apache" for product "Portable Runtime"
 0.9.9
Search vendor "Apache" for product "Portable Runtime" and version "0.9.9"
-
Affected
Apache
Search vendor "Apache"
 Portable Runtime
Search vendor "Apache" for product "Portable Runtime"
 0.9.16-dev
Search vendor "Apache" for product "Portable Runtime" and version "0.9.16-dev"
-
Affected
Apache
Search vendor "Apache"
 Portable Runtime
Search vendor "Apache" for product "Portable Runtime"
 1.3.0
Search vendor "Apache" for product "Portable Runtime" and version "1.3.0"
-
Affected
Apache
Search vendor "Apache"
 Portable Runtime
Search vendor "Apache" for product "Portable Runtime"
 1.3.1
Search vendor "Apache" for product "Portable Runtime" and version "1.3.1"
-
Affected
Apache
Search vendor "Apache"
 Portable Runtime
Search vendor "Apache" for product "Portable Runtime"
 1.3.2
Search vendor "Apache" for product "Portable Runtime" and version "1.3.2"
-
Affected
Apache
Search vendor "Apache"
 Portable Runtime
Search vendor "Apache" for product "Portable Runtime"
 1.3.3
Search vendor "Apache" for product "Portable Runtime" and version "1.3.3"
-
Affected
Apache
Search vendor "Apache"
 Portable Runtime
Search vendor "Apache" for product "Portable Runtime"
 1.3.4
Search vendor "Apache" for product "Portable Runtime" and version "1.3.4"
-
Affected
Apache
Search vendor "Apache"
 Portable Runtime
Search vendor "Apache" for product "Portable Runtime"
 1.3.4-dev
Search vendor "Apache" for product "Portable Runtime" and version "1.3.4-dev"
-
Affected
Apache
Search vendor "Apache"
 Portable Runtime
Search vendor "Apache" for product "Portable Runtime"
 1.3.5
Search vendor "Apache" for product "Portable Runtime" and version "1.3.5"
-
Affected
Apache
Search vendor "Apache"
 Portable Runtime
Search vendor "Apache" for product "Portable Runtime"
 1.3.6
Search vendor "Apache" for product "Portable Runtime" and version "1.3.6"
-
Affected
Apache
Search vendor "Apache"
 Portable Runtime
Search vendor "Apache" for product "Portable Runtime"
 1.3.6-dev
Search vendor "Apache" for product "Portable Runtime" and version "1.3.6-dev"
-
Affected
Apache
Search vendor "Apache"
 Portable Runtime
Search vendor "Apache" for product "Portable Runtime"
 1.3.7
Search vendor "Apache" for product "Portable Runtime" and version "1.3.7"
-
Affected
Apache
Search vendor "Apache"
 Portable Runtime
Search vendor "Apache" for product "Portable Runtime"
 1.3.8
Search vendor "Apache" for product "Portable Runtime" and version "1.3.8"
-
Affected