| purl | pkg:deb/debian/apr@1.7.0-6%2Bdeb11u2?distro=trixie |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-g38k-gh86-pkcn (Aliases: CVE-2023-49582) | APR: Lax permissions in Apache Portable Runtime shared memory | Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-29bh-jatc-73ad | Memory consumption errors in Apache Portable Runtime and APR Utility Library could result in Denial of Service. | CVE-2012-0840 |
| VCID-3cea-3rkm-r7gs | A flaw was found in the apr_fnmatch() function of the bundled APR library. Where mod_autoindex is enabled, and a directory indexed by mod_autoindex contained files with sufficiently long names, a remote attacker could send a carefully crafted request which would cause excessive CPU usage. This could be used in a denial of service attack. Workaround: Setting the 'IgnoreClient' option to the 'IndexOptions' directive disables processing of the client-supplied request query arguments, preventing this attack. Resolution: Update APR to release 1.4.5 (bundled with httpd 2.2.19) or release 0.9.20 (bundled with httpd 2.0.65) | CVE-2011-0419 |
| VCID-3qre-qddd-eqgk | apr: integer overflow/wraparound in apr_encode | CVE-2022-24963 |
| VCID-7s2y-pvar-qqe3 | Faulty error handling was found affecting Solaris pollset support (Event Port backend) caused by a bug in APR. A remote attacker could trigger this issue on Solaris servers which used prefork or event MPMs, resulting in a denial of service. | CVE-2009-2699 |
| VCID-dp5k-enj4-h7gu | apr: Windows out-of-bounds write in apr_socket_sendv function | CVE-2022-28331 |
| VCID-jdxe-krj9-8kax | apr: Out-of-bounds array deref in apr_time_exp*() functions | CVE-2017-12613 |
| VCID-qebd-7szr-y7cx | Memory consumption errors in Apache Portable Runtime and APR Utility Library could result in Denial of Service. | CVE-2011-1928 |
| VCID-umuk-3n1q-3qet | A flaw in apr_palloc() in the bundled copy of APR could cause heap overflows in programs that try to apr_palloc() a user controlled size. The Apache HTTP Server itself does not pass unsanitized user-provided sizes to this function, so it could only be triggered through some other application which uses apr_palloc() in a vulnerable way. | CVE-2009-2412 |
| VCID-xz52-5z1u-cuf9 | apr: Regression of CVE-2017-12613 fix in apr 1.7 | CVE-2021-35940 |