CVE-2010-1623

apr-util: high memory consumption in apr_brigade_split_line()

  • Severity Score: 7.5 (CVSS v3)
  • Public Exploits: 0 (Multiple Sources)
  • Exploited in Wild: - (KEV)
  • Decision: - (SSVC)

Descriptions

Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.

Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (also known as APR-util) in versions before 1.3.10, as used in the mod_reqtimeout module in Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.

Memory consumption errors in Apache Portable Runtime and APR Utility Library could result in Denial of Service. Versions less than 1.4.8-r1 are affected.

*Credits: N/A
CVSS Scores
CVSS v3
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: None
  • Integrity: None
  • Availability: High
CVSS v2
  • Attack Vector: Network
  • Attack Complexity: Low
  • Authentication: None
  • Confidentiality: None
  • Integrity: None
  • Availability: Partial
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2010-04-29 CVE Reserved
  • 2010-10-04 CVE Published
  • 2024-08-07 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (61)
URL Tag Source
http://blogs.sun.com/security/entry/cve_2010_1623_memory_leak Mailing List
http://security-tracker.debian.org/tracker/CVE-2010-1623 Third Party Advisory
http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3 Url Repurposed
http://www.securityfocus.com/bid/43673 Third Party Advisory
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E Mailing List
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12800 Mailing List
URL Date SRC
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049885.html 2023-10-03
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049939.html 2023-10-03
http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html 2023-10-03
http://marc.info/?l=bugtraq&m=130168502603566&w=2 2023-10-03
http://secunia.com/advisories/41701 2023-10-03
http://secunia.com/advisories/42015 2023-10-03
http://secunia.com/advisories/42361 2023-10-03
http://secunia.com/advisories/42367 2023-10-03
http://secunia.com/advisories/42403 2023-10-03
http://secunia.com/advisories/42537 2023-10-03
http://secunia.com/advisories/43211 2023-10-03
http://secunia.com/advisories/43285 2023-10-03
http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.627828 2023-10-03
http://ubuntu.com/usn/usn-1021-1 2023-10-03
http://www-01.ibm.com/support/docview.wss?uid=swg1PM31601 2023-10-03
http://www.mandriva.com/security/advisories?name=MDVSA-2010:192 2023-10-03
http://www.redhat.com/support/errata/RHSA-2010-0950.html 2023-10-03
http://www.redhat.com/support/errata/RHSA-2011-0896.html 2023-10-03
http://www.redhat.com/support/errata/RHSA-2011-0897.html 2023-10-03
http://www.ubuntu.com/usn/USN-1022-1 2023-10-03
http://www.vupen.com/english/advisories/2010/2557 2023-10-03
http://www.vupen.com/english/advisories/2010/2806 2023-10-03
http://www.vupen.com/english/advisories/2010/3064 2023-10-03
http://www.vupen.com/english/advisories/2010/3065 2023-10-03
http://www.vupen.com/english/advisories/2010/3074 2023-10-03
http://www.vupen.com/english/advisories/2011/0358 2023-10-03
https://access.redhat.com/security/cve/CVE-2010-1623 2011-06-22
https://bugzilla.redhat.com/show_bug.cgi?id=640281 2011-06-22
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
Apache | Apr-util | <= 1.3.9 | - | Affected
Apache | Apr-util | 0.9.1 | - | Affected
Apache | Apr-util | 0.9.2 | - | Affected
Apache | Apr-util | 0.9.3 | - | Affected
Apache | Apr-util | 0.9.4 | - | Affected
Apache | Apr-util | 0.9.5 | - | Affected
Apache | Apr-util | 0.9.6 | - | Affected
Apache | Apr-util | 0.9.7 | - | Affected
Apache | Apr-util | 0.9.8 | - | Affected
Apache | Apr-util | 0.9.9 | - | Affected
Apache | Apr-util | 0.9.10 | - | Affected
Apache | Apr-util | 0.9.11 | - | Affected
Apache | Apr-util | 0.9.12 | - | Affected
Apache | Apr-util | 0.9.13 | - | Affected
Apache | Apr-util | 0.9.14 | - | Affected
Apache | Apr-util | 0.9.15 | - | Affected
Apache | Apr-util | 0.9.16 | - | Affected
Apache | Apr-util | 0.9.17 | - | Affected
Apache | Apr-util | 0.9.18 | - | Affected
Apache | Apr-util | 1.0 | - | Affected
Apache | Apr-util | 1.0.1 | - | Affected
Apache | Apr-util | 1.0.2 | - | Affected
Apache | Apr-util | 1.1.0 | - | Affected
Apache | Apr-util | 1.1.1 | - | Affected
Apache | Apr-util | 1.1.2 | - | Affected
Apache | Apr-util | 1.2.1 | - | Affected
Apache | Apr-util | 1.2.2 | - | Affected
Apache | Apr-util | 1.2.6 | - | Affected
Apache | Apr-util | 1.2.7 | - | Affected
Apache | Apr-util | 1.2.8 | - | Affected
Apache | Apr-util | 1.2.9 | - | Affected
Apache | Apr-util | 1.2.10 | - | Affected
Apache | Apr-util | 1.2.12 | - | Affected
Apache | Apr-util | 1.2.13 | - | Affected
Apache | Apr-util | 1.3.0 | - | Affected
Apache | Apr-util | 1.3.1 | - | Affected
Apache | Apr-util | 1.3.2 | - | Affected
Apache | Apr-util | 1.3.3 | - | Affected
Apache | Apr-util | 1.3.4 | - | Affected
Apache | Apr-util | 1.3.5 | - | Affected
Apache | Apr-util | 1.3.6 | - | Affected
Apache | Apr-util | 1.3.7 | - | Affected
Apache | Apr-util | 1.3.8 | - | Affected
Apache | Http Server | >= 2.0.35 < 2.0.64 | - | Affected
Apache | Http Server | >= 2.2.0 < 2.2.17 | - | Affected