VulnerableCode Package Details - pkg:deb/debian/apr-util@1.2.12%2Bdfsg-8%2Blenny5

Search for packages

Vulnerability	Summary	Fixed by
VCID-3kyb-4yvt-f7e1 Aliases: CVE-2009-1955	A denial of service flaw was found in the bundled copy of the APR-util library Extensible Markup Language (XML) parser. A remote attacker could create a specially-crafted XML document that would cause excessive memory consumption when processed by the XML decoding engine.	1.3.9+dfsg-5 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-7ftk-sajb-akh4 Aliases: CVE-2009-0023	A heap-based underwrite flaw was found in the way the bundled copy of the APR-util library created compiled forms of particular search patterns. An attacker could formulate a specially-crafted search keyword, that would overwrite arbitrary heap memory locations when processed by the pattern preparation engine.	1.3.9+dfsg-5 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-8d91-nmr2-hbg7 Aliases: CVE-2017-12618	apr-util: Out-of-bounds access in corrupted SDBM database	1.6.1-4 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-ausy-pwgu-yyh8 Aliases: CVE-2022-25147	apr-util: out-of-bounds writes in the apr_base64	1.6.1-5+deb11u1 Affected by 0 other vulnerabilities.
VCID-pj4f-awuq-73g6 Aliases: CVE-2009-1956	An off-by-one overflow flaw was found in the way the bundled copy of the APR-util library processed a variable list of arguments. An attacker could provide a specially-crafted string as input for the formatted output conversion routine, which could, on big-endian platforms, potentially lead to the disclosure of sensitive information or a denial of service.	1.3.9+dfsg-5 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-umuk-3n1q-3qet Aliases: CVE-2009-2412	A flaw in apr_palloc() in the bundled copy of APR could cause heap overflows in programs that try to apr_palloc() a user controlled size. The Apache HTTP Server itself does not pass unsanitized user-provided sizes to this function, so it could only be triggered through some other application which uses apr_palloc() in a vulnerable way.	1.3.9+dfsg-5 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-y8nd-7h3r-7fh5 Aliases: CVE-2010-1623	A flaw was found in the apr_brigade_split_line() function of the bundled APR-util library, used to process non-SSL requests. A remote attacker could send requests, carefully crafting the timing of individual bytes, which would slowly consume memory, potentially leading to a denial of service.	1.3.9+dfsg-5 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-3kyb-4yvt-f7e1
Aliases:
CVE-2009-1955

A denial of service flaw was found in the bundled copy of the APR-util library Extensible Markup Language (XML) parser. A remote attacker could create a specially-crafted XML document that would cause excessive memory consumption when processed by the XML decoding engine.

1.3.9+dfsg-5
Affected by 2 other vulnerabilities.

VCID-7ftk-sajb-akh4
Aliases:
CVE-2009-0023

A heap-based underwrite flaw was found in the way the bundled copy of the APR-util library created compiled forms of particular search patterns. An attacker could formulate a specially-crafted search keyword, that would overwrite arbitrary heap memory locations when processed by the pattern preparation engine.

1.3.9+dfsg-5
Affected by 2 other vulnerabilities.

VCID-8d91-nmr2-hbg7
Aliases:
CVE-2017-12618

apr-util: Out-of-bounds access in corrupted SDBM database

1.6.1-4
Affected by 1 other vulnerability.

VCID-ausy-pwgu-yyh8
Aliases:
CVE-2022-25147

apr-util: out-of-bounds writes in the apr_base64

1.6.1-5+deb11u1
Affected by 0 other vulnerabilities.

VCID-pj4f-awuq-73g6
Aliases:
CVE-2009-1956

An off-by-one overflow flaw was found in the way the bundled copy of the APR-util library processed a variable list of arguments. An attacker could provide a specially-crafted string as input for the formatted output conversion routine, which could, on big-endian platforms, potentially lead to the disclosure of sensitive information or a denial of service.

1.3.9+dfsg-5
Affected by 2 other vulnerabilities.

VCID-umuk-3n1q-3qet
Aliases:
CVE-2009-2412

A flaw in apr_palloc() in the bundled copy of APR could cause heap overflows in programs that try to apr_palloc() a user controlled size. The Apache HTTP Server itself does not pass unsanitized user-provided sizes to this function, so it could only be triggered through some other application which uses apr_palloc() in a vulnerable way.

1.3.9+dfsg-5
Affected by 2 other vulnerabilities.

VCID-y8nd-7h3r-7fh5
Aliases:
CVE-2010-1623

A flaw was found in the apr_brigade_split_line() function of the bundled APR-util library, used to process non-SSL requests. A remote attacker could send requests, carefully crafting the timing of individual bytes, which would slowly consume memory, potentially leading to a denial of service.

1.3.9+dfsg-5
Affected by 2 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-15T18:45:13.455924+00:00	Debian Oval Importer	Affected by	VCID-ausy-pwgu-yyh8	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T17:44:56.561802+00:00	Debian Oval Importer	Affected by	VCID-umuk-3n1q-3qet	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T17:00:31.358564+00:00	Debian Oval Importer	Affected by	VCID-y8nd-7h3r-7fh5	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T16:22:46.102711+00:00	Debian Oval Importer	Affected by	VCID-3kyb-4yvt-f7e1	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T15:54:39.736033+00:00	Debian Oval Importer	Affected by	VCID-8d91-nmr2-hbg7	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-11T21:43:55.604307+00:00	Debian Oval Importer	Affected by	VCID-7ftk-sajb-akh4	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T19:24:59.091735+00:00	Debian Oval Importer	Affected by	VCID-pj4f-awuq-73g6	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T18:30:02.140566+00:00	Debian Oval Importer	Affected by	VCID-ausy-pwgu-yyh8	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T17:30:58.683367+00:00	Debian Oval Importer	Affected by	VCID-umuk-3n1q-3qet	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T16:47:06.782744+00:00	Debian Oval Importer	Affected by	VCID-y8nd-7h3r-7fh5	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T16:10:02.280580+00:00	Debian Oval Importer	Affected by	VCID-3kyb-4yvt-f7e1	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T15:42:19.284394+00:00	Debian Oval Importer	Affected by	VCID-8d91-nmr2-hbg7	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-08T21:21:46.150817+00:00	Debian Oval Importer	Affected by	VCID-7ftk-sajb-akh4	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T19:08:34.020703+00:00	Debian Oval Importer	Affected by	VCID-pj4f-awuq-73g6	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T18:15:14.842782+00:00	Debian Oval Importer	Affected by	VCID-ausy-pwgu-yyh8	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T17:18:53.736387+00:00	Debian Oval Importer	Affected by	VCID-umuk-3n1q-3qet	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T16:37:23.329918+00:00	Debian Oval Importer	Affected by	VCID-y8nd-7h3r-7fh5	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T16:02:33.669434+00:00	Debian Oval Importer	Affected by	VCID-3kyb-4yvt-f7e1	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T15:36:08.386291+00:00	Debian Oval Importer	Affected by	VCID-8d91-nmr2-hbg7	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0