Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact
NA
CVSSv4

CVE-2009-2412

CVSSv4: NA | CVSSv3: NA | CVSSv2: 10 | VMScore: 1000 | EPSS: 0.05557 | KEV: Not Included
Published: 06/08/2009 Updated: 21/11/2024

Vulnerability Summary

Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote malicious users to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apache apr-util 0.9.1

apache apr-util 0.9.2

apache apr-util 0.9.2-dev

apache apr-util 0.9.3

apache apr-util 0.9.3-dev

apache apr-util 0.9.4

apache apr-util 0.9.5

apache apr-util 0.9.6

apache apr-util 0.9.7-dev

apache apr-util 0.9.8

apache apr-util 0.9.9

apache apr-util 0.9.16

apache apr-util 1.3.0

apache apr-util 1.3.1

apache apr-util 1.3.2

apache apr-util 1.3.3

apache apr-util 1.3.4

apache apr-util 1.3.4-dev

apache apr-util 1.3.5

apache apr-util 1.3.6

apache apr-util 1.3.6-dev

apache apr-util 1.3.7

apache apr-util 1.3.8

apache portable runtime 0.9.1

apache portable runtime 0.9.2

apache portable runtime 0.9.2-dev

apache portable runtime 0.9.3

apache portable runtime 0.9.3-dev

apache portable runtime 0.9.4

apache portable runtime 0.9.5

apache portable runtime 0.9.6

apache portable runtime 0.9.7

apache portable runtime 0.9.7-dev

apache portable runtime 0.9.8

apache portable runtime 0.9.9

apache portable runtime 0.9.16-dev

apache portable runtime 1.3.0

apache portable runtime 1.3.1

apache portable runtime 1.3.2

apache portable runtime 1.3.3

apache portable runtime 1.3.4

apache portable runtime 1.3.4-dev

apache portable runtime 1.3.5

apache portable runtime 1.3.6

apache portable runtime 1.3.6-dev

apache portable runtime 1.3.7

apache portable runtime 1.3.8

Vendor Advisories

Red Hat: Moderate: apr and apr-util security update
Synopsis Moderate: apr and apr-util security update Type/Severity Security Advisory: Moderate Topic Updated apr and apr-util packages that fix multiple security issues are nowavailable for Red Hat Enterprise Linux 4 and 5This update has been rated as having moderate security impact by the RedHat Security R ...
Debian Security Advisories: DSA-1854-1 apr, apr-util -- heap buffer overflow
Matt Lewis discovered that the memory management code in the Apache Portable Runtime (APR) library does not guard against a wrap-around during size computations This could cause the library to return a memory area which smaller than requested, resulting a heap overflow and possibly arbitrary code execution For the old stable distribution (etch), ...
Ubuntu Security Notice: apr-util vulnerability
USN-813-1 fixed vulnerabilities in apr This update provides the corresponding updates for apr-util ...
Ubuntu Security Notice: apache2 vulnerability
USN-813-1 fixed vulnerabilities in apr This update provides the corresponding updates for apr as provided by Apache on Ubuntu 606 LTS ...
Ubuntu Security Notice: apr vulnerability
Matt Lewis discovered that apr did not properly sanitize its input when allocating memory If an application using apr processed crafted input, a remote attacker could cause a denial of service or potentially execute arbitrary code as the user invoking the application ...

References

CWE-189https://access.redhat.com/errata/RHSA-2009:1204https://nvd.nist.govhttps://usn.ubuntu.com/813-3/https://www.first.org/epsshttps://www.debian.org/security/./dsa-1854http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.htmlhttp://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.htmlhttp://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.htmlhttp://osvdb.org/56765http://osvdb.org/56766http://secunia.com/advisories/36138http://secunia.com/advisories/36140http://secunia.com/advisories/36166http://secunia.com/advisories/36233http://secunia.com/advisories/37152http://secunia.com/advisories/37221http://support.apple.com/kb/HT3937http://svn.apache.org/viewvc/apr/apr-util/branches/0.9.x/CHANGES?revision=800736&view=markuphttp://svn.apache.org/viewvc/apr/apr-util/branches/0.9.x/misc/apr_rmm.c?r1=230441&r2=800736http://svn.apache.org/viewvc/apr/apr-util/branches/1.3.x/CHANGES?revision=800735&view=markuphttp://svn.apache.org/viewvc/apr/apr-util/branches/1.3.x/misc/apr_rmm.c?r1=647687&r2=800735http://svn.apache.org/viewvc/apr/apr/branches/0.9.x/CHANGES?revision=800733&view=markuphttp://svn.apache.org/viewvc/apr/apr/branches/0.9.x/memory/unix/apr_pools.c?r1=585356&r2=800733http://svn.apache.org/viewvc/apr/apr/branches/1.3.x/CHANGES?revision=800732&view=markuphttp://svn.apache.org/viewvc/apr/apr/branches/1.3.x/memory/unix/apr_pools.c?r1=678140&r2=800732http://www-01.ibm.com/support/docview.wss?uid=swg1PK93225http://www-01.ibm.com/support/docview.wss?uid=swg1PK99482http://www.mandriva.com/security/advisories?name=MDVSA-2009:195http://www.securityfocus.com/bid/35949http://www.ubuntu.com/usn/usn-813-2http://www.vupen.com/english/advisories/2009/3184http://www.vupen.com/english/advisories/2010/1107https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3Ehttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8394https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9958https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00320.htmlhttps://www.redhat.com/archives/fedora-package-announce/2009-August/msg00353.htmlhttp://lists.apple.com/archives/security-announce/2009/Nov/msg00000.htmlhttp://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.htmlhttp://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.htmlhttp://osvdb.org/56765http://osvdb.org/56766http://secunia.com/advisories/36138http://secunia.com/advisories/36140http://secunia.com/advisories/36166http://secunia.com/advisories/36233http://secunia.com/advisories/37152http://secunia.com/advisories/37221http://support.apple.com/kb/HT3937http://svn.apache.org/viewvc/apr/apr-util/branches/0.9.x/CHANGES?revision=800736&view=markuphttp://svn.apache.org/viewvc/apr/apr-util/branches/0.9.x/misc/apr_rmm.c?r1=230441&r2=800736http://svn.apache.org/viewvc/apr/apr-util/branches/1.3.x/CHANGES?revision=800735&view=markuphttp://svn.apache.org/viewvc/apr/apr-util/branches/1.3.x/misc/apr_rmm.c?r1=647687&r2=800735http://svn.apache.org/viewvc/apr/apr/branches/0.9.x/CHANGES?revision=800733&view=markuphttp://svn.apache.org/viewvc/apr/apr/branches/0.9.x/memory/unix/apr_pools.c?r1=585356&r2=800733http://svn.apache.org/viewvc/apr/apr/branches/1.3.x/CHANGES?revision=800732&view=markuphttp://svn.apache.org/viewvc/apr/apr/branches/1.3.x/memory/unix/apr_pools.c?r1=678140&r2=800732http://www-01.ibm.com/support/docview.wss?uid=swg1PK93225http://www-01.ibm.com/support/docview.wss?uid=swg1PK99482http://www.mandriva.com/security/advisories?name=MDVSA-2009:195http://www.securityfocus.com/bid/35949http://www.ubuntu.com/usn/usn-813-2http://www.vupen.com/english/advisories/2009/3184http://www.vupen.com/english/advisories/2010/1107https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3Ehttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8394https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9958https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00320.htmlhttps://www.redhat.com/archives/fedora-package-announce/2009-August/msg00353.html
Preferred Score:
CVSSv4
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
CVE-2025-42599CVE-2025-3808phpgurukulinsecure direct object referenceCVE-2025-3840CVE-2025-43967men salon management systemdenial of servicevirtuemart component for joomlapritunlLFICVE-2025-32433CVE-2022-47112
Home
/
Search Results
/
CVE-2009-2412
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook