The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util prior to 1.3.5 allows remote malicious users to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache apr-util |
||
apache apr-util 0.9.1 |
||
apache apr-util 0.9.2 |
||
apache apr-util 0.9.3 |
||
apache apr-util 0.9.4 |
||
apache apr-util 0.9.5 |
||
apache apr-util 1.0 |
||
apache apr-util 1.0.1 |
||
apache apr-util 1.0.2 |
||
apache apr-util 1.1.0 |
||
apache apr-util 1.1.1 |
||
apache apr-util 1.1.2 |
||
apache apr-util 1.2.1 |
||
apache apr-util 1.2.2 |
||
apache apr-util 1.2.6 |
||
apache apr-util 1.2.7 |
||
apache apr-util 1.2.8 |
||
apache apr-util 1.3.0 |
||
apache apr-util 1.3.1 |
||
apache apr-util 1.3.2 |
||
apache apr-util 1.3.3 |
||
apache http server |