PT-2009-6720 · Apache+1 · Apr-Util+3

Published: 1970-01-01 · Updated: 2024-06-15 · CVE-2009-2412
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: APR versions 0.9.x through 1.3.x; APR-util versions 0.9.x through 1.3.x
Description: Multiple integer overflows exist in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (APR-util). They can be triggered by crafted calls to the allocator_alloc or apr_palloc functions in APR, and to the apr_rmm_malloc, apr_rmm_calloc, or apr_rmm_realloc functions in APR-util, and lead to buffer overflows. A remote attacker could use this to cause a denial of service (application crash) or possibly execute arbitrary code. The vulnerability can be exploited remotely and may violate the confidentiality, integrity, and availability of protected information.
Recommendations: For APR versions 0.9.x through 1.3.x, consider disabling the apr_palloc() function until a patch is available. For APR-util versions 0.9.x through 1.3.x, restrict access to the apr_rmm_malloc, apr_rmm_calloc, and apr_rmm_realloc functions to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
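An added illustration of the bug class in the description and of the kind of check a fix needs (example code, not APR's own source and not a copy of the project's patch): a minimal model of the size rounding a pool allocator performs before carving out a block, using the same macro shape as APR_ALIGN / APR_ALIGN_DEFAULT in apr_general.h, beside a checked version that refuses requests whose rounded size wrapped. The rounded_size_* and safe_palloc names are invented for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Same rounding shape APR uses for allocation sizes (APR_ALIGN and
 * APR_ALIGN_DEFAULT in apr_general.h): round up to a multiple of 8. */
#define ALIGN(size, boundary) (((size) + ((boundary) - 1)) & ~((boundary) - 1))
#define ALIGN_DEFAULT(size) ALIGN((size), 8)

/* Model of the defect: the request is rounded with no overflow check.
 * A request within 7 bytes of SIZE_MAX wraps to a tiny value (here 0),
 * so the block handed back is far smaller than the caller asked for and
 * a later write of `request` bytes overruns it. */
size_t rounded_size_unchecked(size_t request) {
    return ALIGN_DEFAULT(request);
}

/* Hardened rounding: the addition inside ALIGN can only produce a value
 * smaller than the request if it wrapped past SIZE_MAX, so comparing the
 * two detects the overflow. Returns 1 and stores the rounded size on
 * success, 0 when the request cannot be represented. */
int rounded_size_checked(size_t request, size_t *out) {
    size_t rounded = ALIGN_DEFAULT(request);
    if (rounded < request) {
        return 0;  /* wrapped: refuse instead of under-allocating */
    }
    *out = rounded;
    return 1;
}

/* Hypothetical pool-style wrapper (not apr_palloc): the allocation is
 * refused outright when the rounded size wrapped. */
void *safe_palloc(size_t request) {
    size_t rounded;
    if (!rounded_size_checked(request, &rounded)) {
        return NULL;
    }
    return malloc(rounded);
}

int main(void) {
    size_t huge = SIZE_MAX - 2;  /* constructed hostile request size */
    size_t r = 0;
    printf("unchecked rounding of SIZE_MAX-2 -> %zu bytes\n",
           rounded_size_unchecked(huge));
    printf("checked rounding of SIZE_MAX-2 accepted? %d\n",
           rounded_size_checked(huge, &r));
    return 0;
}
```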

Exploit: DoS

Related Identifiers

BDU:2015-03655
BDU:2015-03656
BDU:2015-03657
CVE-2009-2412
DSA-1854-1
OPENSUSE-SU-2024:10063-1
OPENSUSE-SU-2024:10268-1
OPENSUSE-SU-2024:10568-1
OPENSUSE-SU-2024:11586-1
OPENSUSE-SU-2024:11596-1
RHSA-2009:1204
RHSA-2009:1205
RHSA-2009:1462
RHSA-2009_1204
RHSA-2010:0602

Affected Products

Apr
Apr-Util
Apache Http Server
Red Hat