VulnerableCode Package Details - pkg:deb/debian/apr-util@1.3.9%2Bdfsg-5

Search for packages

Vulnerability	Summary	Fixed by
VCID-8d91-nmr2-hbg7 Aliases: CVE-2017-12618	apr-util: Out-of-bounds access in corrupted SDBM database	1.6.1-4 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-ausy-pwgu-yyh8 Aliases: CVE-2022-25147	apr-util: out-of-bounds writes in the apr_base64	1.6.1-5+deb11u1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-8d91-nmr2-hbg7
Aliases:
CVE-2017-12618

apr-util: Out-of-bounds access in corrupted SDBM database

1.6.1-4
Affected by 1 other vulnerability.

VCID-ausy-pwgu-yyh8
Aliases:
CVE-2022-25147

apr-util: out-of-bounds writes in the apr_base64

1.6.1-5+deb11u1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-3kyb-4yvt-f7e1	A denial of service flaw was found in the bundled copy of the APR-util library Extensible Markup Language (XML) parser. A remote attacker could create a specially-crafted XML document that would cause excessive memory consumption when processed by the XML decoding engine.	CVE-2009-1955
VCID-7ftk-sajb-akh4	A heap-based underwrite flaw was found in the way the bundled copy of the APR-util library created compiled forms of particular search patterns. An attacker could formulate a specially-crafted search keyword, that would overwrite arbitrary heap memory locations when processed by the pattern preparation engine.	CVE-2009-0023
VCID-pj4f-awuq-73g6	An off-by-one overflow flaw was found in the way the bundled copy of the APR-util library processed a variable list of arguments. An attacker could provide a specially-crafted string as input for the formatted output conversion routine, which could, on big-endian platforms, potentially lead to the disclosure of sensitive information or a denial of service.	CVE-2009-1956
VCID-umuk-3n1q-3qet	A flaw in apr_palloc() in the bundled copy of APR could cause heap overflows in programs that try to apr_palloc() a user controlled size. The Apache HTTP Server itself does not pass unsanitized user-provided sizes to this function, so it could only be triggered through some other application which uses apr_palloc() in a vulnerable way.	CVE-2009-2412
VCID-y8nd-7h3r-7fh5	A flaw was found in the apr_brigade_split_line() function of the bundled APR-util library, used to process non-SSL requests. A remote attacker could send requests, carefully crafting the timing of individual bytes, which would slowly consume memory, potentially leading to a denial of service.	CVE-2010-1623

Vulnerability

Summary

Aliases

VCID-3kyb-4yvt-f7e1

A denial of service flaw was found in the bundled copy of the APR-util library Extensible Markup Language (XML) parser. A remote attacker could create a specially-crafted XML document that would cause excessive memory consumption when processed by the XML decoding engine.

CVE-2009-1955

VCID-7ftk-sajb-akh4

A heap-based underwrite flaw was found in the way the bundled copy of the APR-util library created compiled forms of particular search patterns. An attacker could formulate a specially-crafted search keyword, that would overwrite arbitrary heap memory locations when processed by the pattern preparation engine.

CVE-2009-0023

VCID-pj4f-awuq-73g6

An off-by-one overflow flaw was found in the way the bundled copy of the APR-util library processed a variable list of arguments. An attacker could provide a specially-crafted string as input for the formatted output conversion routine, which could, on big-endian platforms, potentially lead to the disclosure of sensitive information or a denial of service.

CVE-2009-1956

VCID-umuk-3n1q-3qet

A flaw in apr_palloc() in the bundled copy of APR could cause heap overflows in programs that try to apr_palloc() a user controlled size. The Apache HTTP Server itself does not pass unsanitized user-provided sizes to this function, so it could only be triggered through some other application which uses apr_palloc() in a vulnerable way.

CVE-2009-2412

VCID-y8nd-7h3r-7fh5

A flaw was found in the apr_brigade_split_line() function of the bundled APR-util library, used to process non-SSL requests. A remote attacker could send requests, carefully crafting the timing of individual bytes, which would slowly consume memory, potentially leading to a denial of service.

CVE-2010-1623

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-15T22:05:55.170532+00:00	Debian Oval Importer	Fixing	VCID-7ftk-sajb-akh4	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T19:42:28.083974+00:00	Debian Oval Importer	Fixing	VCID-pj4f-awuq-73g6	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T18:45:13.459805+00:00	Debian Oval Importer	Affected by	VCID-ausy-pwgu-yyh8	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T17:44:56.565446+00:00	Debian Oval Importer	Fixing	VCID-umuk-3n1q-3qet	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T17:00:31.361929+00:00	Debian Oval Importer	Fixing	VCID-y8nd-7h3r-7fh5	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T16:22:46.106042+00:00	Debian Oval Importer	Fixing	VCID-3kyb-4yvt-f7e1	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T15:54:39.739229+00:00	Debian Oval Importer	Affected by	VCID-8d91-nmr2-hbg7	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-11T21:43:55.608030+00:00	Debian Oval Importer	Fixing	VCID-7ftk-sajb-akh4	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T19:24:59.095528+00:00	Debian Oval Importer	Fixing	VCID-pj4f-awuq-73g6	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T18:30:02.145988+00:00	Debian Oval Importer	Affected by	VCID-ausy-pwgu-yyh8	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T17:30:58.687713+00:00	Debian Oval Importer	Fixing	VCID-umuk-3n1q-3qet	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T16:47:06.787020+00:00	Debian Oval Importer	Fixing	VCID-y8nd-7h3r-7fh5	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T16:10:02.288463+00:00	Debian Oval Importer	Fixing	VCID-3kyb-4yvt-f7e1	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T15:42:19.288303+00:00	Debian Oval Importer	Affected by	VCID-8d91-nmr2-hbg7	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-08T21:21:46.154926+00:00	Debian Oval Importer	Fixing	VCID-7ftk-sajb-akh4	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T19:08:34.024922+00:00	Debian Oval Importer	Fixing	VCID-pj4f-awuq-73g6	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T18:15:14.848592+00:00	Debian Oval Importer	Affected by	VCID-ausy-pwgu-yyh8	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T17:18:53.741212+00:00	Debian Oval Importer	Fixing	VCID-umuk-3n1q-3qet	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T16:37:23.334477+00:00	Debian Oval Importer	Fixing	VCID-y8nd-7h3r-7fh5	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T16:02:33.674318+00:00	Debian Oval Importer	Fixing	VCID-3kyb-4yvt-f7e1	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T15:36:08.398245+00:00	Debian Oval Importer	Affected by	VCID-8d91-nmr2-hbg7	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0