VulnerableCode Package Details - pkg:deb/debian/apr@1.7.2-3%2Bdeb12u1?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-29bh-jatc-73ad	Memory consumption errors in Apache Portable Runtime and APR Utility Library could result in Denial of Service.	CVE-2012-0840
VCID-3cea-3rkm-r7gs	A flaw was found in the apr_fnmatch() function of the bundled APR library. Where mod_autoindex is enabled, and a directory indexed by mod_autoindex contained files with sufficiently long names, a remote attacker could send a carefully crafted request which would cause excessive CPU usage. This could be used in a denial of service attack. Workaround: Setting the 'IgnoreClient' option to the 'IndexOptions' directive disables processing of the client-supplied request query arguments, preventing this attack. Resolution: Update APR to release 1.4.5 (bundled with httpd 2.2.19) or release 0.9.20 (bundled with httpd 2.0.65)	CVE-2011-0419
VCID-3qre-qddd-eqgk	apr: integer overflow/wraparound in apr_encode	CVE-2022-24963
VCID-7s2y-pvar-qqe3	Faulty error handling was found affecting Solaris pollset support (Event Port backend) caused by a bug in APR. A remote attacker could trigger this issue on Solaris servers which used prefork or event MPMs, resulting in a denial of service.	CVE-2009-2699
VCID-dp5k-enj4-h7gu	apr: Windows out-of-bounds write in apr_socket_sendv function	CVE-2022-28331
VCID-g38k-gh86-pkcn	APR: Lax permissions in Apache Portable Runtime shared memory	CVE-2023-49582
VCID-jdxe-krj9-8kax	apr: Out-of-bounds array deref in apr_time_exp*() functions	CVE-2017-12613
VCID-qebd-7szr-y7cx	Memory consumption errors in Apache Portable Runtime and APR Utility Library could result in Denial of Service.	CVE-2011-1928
VCID-umuk-3n1q-3qet	A flaw in apr_palloc() in the bundled copy of APR could cause heap overflows in programs that try to apr_palloc() a user controlled size. The Apache HTTP Server itself does not pass unsanitized user-provided sizes to this function, so it could only be triggered through some other application which uses apr_palloc() in a vulnerable way.	CVE-2009-2412
VCID-xz52-5z1u-cuf9	apr: Regression of CVE-2017-12613 fix in apr 1.7	CVE-2021-35940

Vulnerability

Summary

Aliases

VCID-29bh-jatc-73ad

Memory consumption errors in Apache Portable Runtime and APR Utility Library could result in Denial of Service.

CVE-2012-0840

VCID-3cea-3rkm-r7gs

A flaw was found in the apr_fnmatch() function of the bundled APR library. Where mod_autoindex is enabled, and a directory indexed by mod_autoindex contained files with sufficiently long names, a remote attacker could send a carefully crafted request which would cause excessive CPU usage. This could be used in a denial of service attack. Workaround: Setting the 'IgnoreClient' option to the 'IndexOptions' directive disables processing of the client-supplied request query arguments, preventing this attack. Resolution: Update APR to release 1.4.5 (bundled with httpd 2.2.19) or release 0.9.20 (bundled with httpd 2.0.65)

CVE-2011-0419

VCID-3qre-qddd-eqgk

apr: integer overflow/wraparound in apr_encode

CVE-2022-24963

VCID-7s2y-pvar-qqe3

Faulty error handling was found affecting Solaris pollset support (Event Port backend) caused by a bug in APR. A remote attacker could trigger this issue on Solaris servers which used prefork or event MPMs, resulting in a denial of service.

CVE-2009-2699

VCID-dp5k-enj4-h7gu

apr: Windows out-of-bounds write in apr_socket_sendv function

CVE-2022-28331

VCID-g38k-gh86-pkcn

APR: Lax permissions in Apache Portable Runtime shared memory

CVE-2023-49582

VCID-jdxe-krj9-8kax

apr: Out-of-bounds array deref in apr_time_exp*() functions

CVE-2017-12613

VCID-qebd-7szr-y7cx

Memory consumption errors in Apache Portable Runtime and APR Utility Library could result in Denial of Service.

CVE-2011-1928

VCID-umuk-3n1q-3qet

A flaw in apr_palloc() in the bundled copy of APR could cause heap overflows in programs that try to apr_palloc() a user controlled size. The Apache HTTP Server itself does not pass unsanitized user-provided sizes to this function, so it could only be triggered through some other application which uses apr_palloc() in a vulnerable way.

CVE-2009-2412

VCID-xz52-5z1u-cuf9

apr: Regression of CVE-2017-12613 fix in apr 1.7

CVE-2021-35940

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T13:27:49.875325+00:00	Debian Importer	Fixing	VCID-29bh-jatc-73ad	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T12:43:03.986684+00:00	Debian Importer	Fixing	VCID-3qre-qddd-eqgk	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T12:18:10.268627+00:00	Debian Importer	Fixing	VCID-jdxe-krj9-8kax	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:59:36.003847+00:00	Debian Importer	Fixing	VCID-7s2y-pvar-qqe3	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:57:13.788145+00:00	Debian Importer	Fixing	VCID-qebd-7szr-y7cx	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:44:15.239013+00:00	Debian Importer	Fixing	VCID-umuk-3n1q-3qet	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:38:18.276055+00:00	Debian Importer	Fixing	VCID-dp5k-enj4-h7gu	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:36:17.621896+00:00	Debian Importer	Fixing	VCID-3cea-3rkm-r7gs	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:23:16.086707+00:00	Debian Importer	Fixing	VCID-xz52-5z1u-cuf9	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T09:17:26.699594+00:00	Debian Importer	Fixing	VCID-29bh-jatc-73ad	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:43:09.811188+00:00	Debian Importer	Fixing	VCID-3qre-qddd-eqgk	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:24:52.113793+00:00	Debian Importer	Fixing	VCID-jdxe-krj9-8kax	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:11:22.892903+00:00	Debian Importer	Fixing	VCID-7s2y-pvar-qqe3	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:09:37.127243+00:00	Debian Importer	Fixing	VCID-qebd-7szr-y7cx	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:00:06.177108+00:00	Debian Importer	Fixing	VCID-umuk-3n1q-3qet	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:55:51.583799+00:00	Debian Importer	Fixing	VCID-dp5k-enj4-h7gu	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:09:58.877306+00:00	Debian Importer	Fixing	VCID-3cea-3rkm-r7gs	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:16:04.774159+00:00	Debian Importer	Fixing	VCID-xz52-5z1u-cuf9	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:19:44.903593+00:00	Debian Importer	Fixing	VCID-g38k-gh86-pkcn	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:18:38.124629+00:00	Debian Importer	Fixing	VCID-29bh-jatc-73ad	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:15:59.634839+00:00	Debian Importer	Fixing	VCID-3qre-qddd-eqgk	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:14:25.132743+00:00	Debian Importer	Fixing	VCID-jdxe-krj9-8kax	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:13:22.197964+00:00	Debian Importer	Fixing	VCID-7s2y-pvar-qqe3	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:13:15.888258+00:00	Debian Importer	Fixing	VCID-qebd-7szr-y7cx	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:12:36.450431+00:00	Debian Importer	Fixing	VCID-umuk-3n1q-3qet	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:12:16.452397+00:00	Debian Importer	Fixing	VCID-dp5k-enj4-h7gu	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:08:45.144114+00:00	Debian Importer	Fixing	VCID-3cea-3rkm-r7gs	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:04:45.510565+00:00	Debian Importer	Fixing	VCID-xz52-5z1u-cuf9	https://security-tracker.debian.org/tracker/data/json	38.1.0