PT-2010-5642 · Apache+2 · Apr-Util+3

Maksymilian Arciemowicz · Published 1970-01-01 · Updated 2024-06-15 · CVE-2010-1623

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions

APR-util versions prior to 1.3.10
Apache HTTP Server (affected versions not specified)

Description

A memory leak in the apr_brigade_split_line function allows remote attackers to cause a denial of service via unspecified vectors related to the destruction of an APR bucket. This issue can be exploited by sending carefully crafted requests, potentially leading to memory consumption. The vulnerability can be exploited remotely and may lead to a disruption of protected information.

Recommendations

For APR-util versions prior to 1.3.10, update to version 1.3.10 or later to resolve the issue. As a temporary workaround, consider restricting access to the apr_brigade_split_line function until a patch is available. Avoid using the apr_brigade_split_line function in the affected API endpoints until the issue is resolved.

Fix

DoS

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2015-01981
BDU:2015-01982
BDU:2015-01983
CVE-2010-1623
DSA-2117-1
HPSBUX02645
OPENSUSE-SU-2024:10268-1
OPENSUSE-SU-2024:10568-1
OPENSUSE-SU-2024:11586-1
RHSA-2010:0950
RHSA-2010_0950
RHSA-2011:0897

Affected Products

Apr-Util
Apache Http Server
Hp-Ux
Red Hat