Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/apr@1.2.7-8.2
purl pkg:deb/debian/apr@1.2.7-8.2
Next non-vulnerable version 1.7.2-3+deb12u1
Latest non-vulnerable version 1.7.2-3+deb12u1
Risk 9.6
Vulnerabilities affecting this package (7)
Vulnerability Summary Fixed by
VCID-29bh-jatc-73ad
Aliases:
CVE-2012-0840
Memory consumption errors in Apache Portable Runtime and APR Utility Library could result in Denial of Service.
1.4.6-3+deb7u1
Affected by 3 other vulnerabilities.
VCID-3cea-3rkm-r7gs
Aliases:
CVE-2011-0419
A flaw was found in the apr_fnmatch() function of the bundled APR library. Where mod_autoindex is enabled, and a directory indexed by mod_autoindex contained files with sufficiently long names, a remote attacker could send a carefully crafted request which would cause excessive CPU usage. This could be used in a denial of service attack. Workaround: Setting the 'IgnoreClient' option to the 'IndexOptions' directive disables processing of the client-supplied request query arguments, preventing this attack. Resolution: Update APR to release 1.4.5 (bundled with httpd 2.2.19) or release 0.9.20 (bundled with httpd 2.0.65)
1.4.6-3+deb7u1
Affected by 3 other vulnerabilities.
VCID-3qre-qddd-eqgk
Aliases:
CVE-2022-24963
apr: integer overflow/wraparound in apr_encode
1.7.0-6+deb11u2
Affected by 1 other vulnerability.
VCID-jdxe-krj9-8kax
Aliases:
CVE-2017-12613
apr: Out-of-bounds array deref in apr_time_exp*() functions
1.6.5-1
Affected by 2 other vulnerabilities.
VCID-qebd-7szr-y7cx
Aliases:
CVE-2011-1928
Memory consumption errors in Apache Portable Runtime and APR Utility Library could result in Denial of Service.
1.4.6-3+deb7u1
Affected by 3 other vulnerabilities.
VCID-umuk-3n1q-3qet
Aliases:
CVE-2009-2412
A flaw in apr_palloc() in the bundled copy of APR could cause heap overflows in programs that try to apr_palloc() a user controlled size. The Apache HTTP Server itself does not pass unsanitized user-provided sizes to this function, so it could only be triggered through some other application which uses apr_palloc() in a vulnerable way.
1.4.2-6+squeeze4
Affected by 6 other vulnerabilities.
VCID-xz52-5z1u-cuf9
Aliases:
CVE-2021-35940
apr: Regression of CVE-2017-12613 fix in apr 1.7
1.7.0-6+deb11u2
Affected by 1 other vulnerability.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-15T22:26:51.397410+00:00 Debian Oval Importer Affected by VCID-qebd-7szr-y7cx https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T20:28:08.224661+00:00 Debian Oval Importer Affected by VCID-xz52-5z1u-cuf9 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T18:57:43.425284+00:00 Debian Oval Importer Affected by VCID-umuk-3n1q-3qet https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T18:12:00.347857+00:00 Debian Oval Importer Affected by VCID-jdxe-krj9-8kax https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T18:06:25.736735+00:00 Debian Oval Importer Affected by VCID-3cea-3rkm-r7gs https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T17:09:30.472966+00:00 Debian Oval Importer Affected by VCID-3qre-qddd-eqgk https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T15:48:38.064844+00:00 Debian Oval Importer Affected by VCID-29bh-jatc-73ad https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-11T22:04:00.305976+00:00 Debian Oval Importer Affected by VCID-qebd-7szr-y7cx https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T20:09:37.795655+00:00 Debian Oval Importer Affected by VCID-xz52-5z1u-cuf9 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T18:41:55.728899+00:00 Debian Oval Importer Affected by VCID-umuk-3n1q-3qet https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T17:57:27.542384+00:00 Debian Oval Importer Affected by VCID-jdxe-krj9-8kax https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T17:52:03.568477+00:00 Debian Oval Importer Affected by VCID-3cea-3rkm-r7gs https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T16:56:04.268605+00:00 Debian Oval Importer Affected by VCID-3qre-qddd-eqgk https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T15:36:19.223054+00:00 Debian Oval Importer Affected by VCID-29bh-jatc-73ad https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-08T21:40:58.827674+00:00 Debian Oval Importer Affected by VCID-qebd-7szr-y7cx https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T19:50:57.733442+00:00 Debian Oval Importer Affected by VCID-xz52-5z1u-cuf9 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T18:27:02.176292+00:00 Debian Oval Importer Affected by VCID-umuk-3n1q-3qet https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T17:44:14.143735+00:00 Debian Oval Importer Affected by VCID-jdxe-krj9-8kax https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T17:39:01.080650+00:00 Debian Oval Importer Affected by VCID-3cea-3rkm-r7gs https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T16:45:48.152717+00:00 Debian Oval Importer Affected by VCID-3qre-qddd-eqgk https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T15:30:19.094250+00:00 Debian Oval Importer Affected by VCID-29bh-jatc-73ad https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0