VulnerableCode Package Details - pkg:deb/debian/apr-util@1.6.3-1?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-3kyb-4yvt-f7e1	A denial of service flaw was found in the bundled copy of the APR-util library Extensible Markup Language (XML) parser. A remote attacker could create a specially-crafted XML document that would cause excessive memory consumption when processed by the XML decoding engine.	CVE-2009-1955
VCID-7ftk-sajb-akh4	A heap-based underwrite flaw was found in the way the bundled copy of the APR-util library created compiled forms of particular search patterns. An attacker could formulate a specially-crafted search keyword, that would overwrite arbitrary heap memory locations when processed by the pattern preparation engine.	CVE-2009-0023
VCID-8d91-nmr2-hbg7	apr-util: Out-of-bounds access in corrupted SDBM database	CVE-2017-12618
VCID-ausy-pwgu-yyh8	apr-util: out-of-bounds writes in the apr_base64	CVE-2022-25147
VCID-pj4f-awuq-73g6	An off-by-one overflow flaw was found in the way the bundled copy of the APR-util library processed a variable list of arguments. An attacker could provide a specially-crafted string as input for the formatted output conversion routine, which could, on big-endian platforms, potentially lead to the disclosure of sensitive information or a denial of service.	CVE-2009-1956
VCID-s3nk-dsgj-3bcx	httpd: Billion laughs attack regression	CVE-2016-6312
VCID-umuk-3n1q-3qet	A flaw in apr_palloc() in the bundled copy of APR could cause heap overflows in programs that try to apr_palloc() a user controlled size. The Apache HTTP Server itself does not pass unsanitized user-provided sizes to this function, so it could only be triggered through some other application which uses apr_palloc() in a vulnerable way.	CVE-2009-2412
VCID-y8nd-7h3r-7fh5	A flaw was found in the apr_brigade_split_line() function of the bundled APR-util library, used to process non-SSL requests. A remote attacker could send requests, carefully crafting the timing of individual bytes, which would slowly consume memory, potentially leading to a denial of service.	CVE-2010-1623

Vulnerability

Summary

Aliases

VCID-3kyb-4yvt-f7e1

A denial of service flaw was found in the bundled copy of the APR-util library Extensible Markup Language (XML) parser. A remote attacker could create a specially-crafted XML document that would cause excessive memory consumption when processed by the XML decoding engine.

CVE-2009-1955

VCID-7ftk-sajb-akh4

A heap-based underwrite flaw was found in the way the bundled copy of the APR-util library created compiled forms of particular search patterns. An attacker could formulate a specially-crafted search keyword, that would overwrite arbitrary heap memory locations when processed by the pattern preparation engine.

CVE-2009-0023

VCID-8d91-nmr2-hbg7

apr-util: Out-of-bounds access in corrupted SDBM database

CVE-2017-12618

VCID-ausy-pwgu-yyh8

apr-util: out-of-bounds writes in the apr_base64

CVE-2022-25147

VCID-pj4f-awuq-73g6

An off-by-one overflow flaw was found in the way the bundled copy of the APR-util library processed a variable list of arguments. An attacker could provide a specially-crafted string as input for the formatted output conversion routine, which could, on big-endian platforms, potentially lead to the disclosure of sensitive information or a denial of service.

CVE-2009-1956

VCID-s3nk-dsgj-3bcx

httpd: Billion laughs attack regression

CVE-2016-6312

VCID-umuk-3n1q-3qet

A flaw in apr_palloc() in the bundled copy of APR could cause heap overflows in programs that try to apr_palloc() a user controlled size. The Apache HTTP Server itself does not pass unsanitized user-provided sizes to this function, so it could only be triggered through some other application which uses apr_palloc() in a vulnerable way.

CVE-2009-2412

VCID-y8nd-7h3r-7fh5

A flaw was found in the apr_brigade_split_line() function of the bundled APR-util library, used to process non-SSL requests. A remote attacker could send requests, carefully crafting the timing of individual bytes, which would slowly consume memory, potentially leading to a denial of service.

CVE-2010-1623

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T12:51:41.421622+00:00	Debian Importer	Fixing	VCID-3kyb-4yvt-f7e1	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T12:28:38.964520+00:00	Debian Importer	Fixing	VCID-y8nd-7h3r-7fh5	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T12:22:04.697291+00:00	Debian Importer	Fixing	VCID-s3nk-dsgj-3bcx	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:28:08.778115+00:00	Debian Importer	Fixing	VCID-8d91-nmr2-hbg7	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:45:54.013242+00:00	Debian Importer	Fixing	VCID-pj4f-awuq-73g6	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:58:43.687663+00:00	Debian Importer	Fixing	VCID-ausy-pwgu-yyh8	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:28:56.909692+00:00	Debian Importer	Fixing	VCID-7ftk-sajb-akh4	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T08:59:12.474425+00:00	Debian Importer	Fixing	VCID-umuk-3n1q-3qet	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T08:49:39.557889+00:00	Debian Importer	Fixing	VCID-3kyb-4yvt-f7e1	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:32:31.143624+00:00	Debian Importer	Fixing	VCID-y8nd-7h3r-7fh5	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:27:44.069010+00:00	Debian Importer	Fixing	VCID-s3nk-dsgj-3bcx	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:48:55.475184+00:00	Debian Importer	Fixing	VCID-8d91-nmr2-hbg7	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:16:53.375541+00:00	Debian Importer	Fixing	VCID-pj4f-awuq-73g6	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:41:07.625125+00:00	Debian Importer	Fixing	VCID-ausy-pwgu-yyh8	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:19:22.319544+00:00	Debian Importer	Fixing	VCID-7ftk-sajb-akh4	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:01:36.830692+00:00	Debian Importer	Fixing	VCID-umuk-3n1q-3qet	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-02T17:16:20.956920+00:00	Debian Importer	Fixing	VCID-3kyb-4yvt-f7e1	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:15:10.754814+00:00	Debian Importer	Fixing	VCID-y8nd-7h3r-7fh5	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:14:38.433209+00:00	Debian Importer	Fixing	VCID-s3nk-dsgj-3bcx	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:11:44.520878+00:00	Debian Importer	Fixing	VCID-8d91-nmr2-hbg7	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:09:22.303752+00:00	Debian Importer	Fixing	VCID-pj4f-awuq-73g6	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:06:38.266051+00:00	Debian Importer	Fixing	VCID-ausy-pwgu-yyh8	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:05:00.284433+00:00	Debian Importer	Fixing	VCID-7ftk-sajb-akh4	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:03:27.351796+00:00	Debian Importer	Fixing	VCID-umuk-3n1q-3qet	https://security-tracker.debian.org/tracker/data/json	38.1.0