VulnerableCode Package Details - pkg:deb/debian/apr-util@1.3.9%2Bdfsg-5

Search for packages

Vulnerability	Summary	Fixed by
VCID-n6j7-vjgu-d7a7 Aliases: CVE-2022-25147	Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime Utility (APR-util) 1.6.1 and prior versions.	1.6.1-5+deb11u1 Affected by 0 other vulnerabilities.
VCID-wq29-zfsd-4fbp Aliases: CVE-2017-12618		1.6.1-4 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-n6j7-vjgu-d7a7
Aliases:
CVE-2022-25147

Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime Utility (APR-util) 1.6.1 and prior versions.

1.6.1-5+deb11u1
Affected by 0 other vulnerabilities.

VCID-wq29-zfsd-4fbp
Aliases:
CVE-2017-12618

1.6.1-4
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
VCID-2h74-w9ra-wbf7	A flaw in apr_palloc() in the bundled copy of APR could cause heap overflows in programs that try to apr_palloc() a user controlled size. The Apache HTTP Server itself does not pass unsanitized user-provided sizes to this function, so it could only be triggered through some other application which uses apr_palloc() in a vulnerable way.	CVE-2009-2412
VCID-bay7-x8bk-dqf6	An off-by-one overflow flaw was found in the way the bundled copy of the APR-util library processed a variable list of arguments. An attacker could provide a specially-crafted string as input for the formatted output conversion routine, which could, on big-endian platforms, potentially lead to the disclosure of sensitive information or a denial of service.	CVE-2009-1956
VCID-cqpz-3xpm-4fhz	A heap-based underwrite flaw was found in the way the bundled copy of the APR-util library created compiled forms of particular search patterns. An attacker could formulate a specially-crafted search keyword, that would overwrite arbitrary heap memory locations when processed by the pattern preparation engine.	CVE-2009-0023
VCID-cqrd-ejej-uqe9	A flaw was found in the apr_brigade_split_line() function of the bundled APR-util library, used to process non-SSL requests. A remote attacker could send requests, carefully crafting the timing of individual bytes, which would slowly consume memory, potentially leading to a denial of service.	CVE-2010-1623
VCID-exfa-m9xw-wkap	A denial of service flaw was found in the bundled copy of the APR-util library Extensible Markup Language (XML) parser. A remote attacker could create a specially-crafted XML document that would cause excessive memory consumption when processed by the XML decoding engine.	CVE-2009-1955

Vulnerability

Summary

Aliases

VCID-2h74-w9ra-wbf7

A flaw in apr_palloc() in the bundled copy of APR could cause heap overflows in programs that try to apr_palloc() a user controlled size. The Apache HTTP Server itself does not pass unsanitized user-provided sizes to this function, so it could only be triggered through some other application which uses apr_palloc() in a vulnerable way.

CVE-2009-2412

VCID-bay7-x8bk-dqf6

An off-by-one overflow flaw was found in the way the bundled copy of the APR-util library processed a variable list of arguments. An attacker could provide a specially-crafted string as input for the formatted output conversion routine, which could, on big-endian platforms, potentially lead to the disclosure of sensitive information or a denial of service.

CVE-2009-1956

VCID-cqpz-3xpm-4fhz

A heap-based underwrite flaw was found in the way the bundled copy of the APR-util library created compiled forms of particular search patterns. An attacker could formulate a specially-crafted search keyword, that would overwrite arbitrary heap memory locations when processed by the pattern preparation engine.

CVE-2009-0023

VCID-cqrd-ejej-uqe9

A flaw was found in the apr_brigade_split_line() function of the bundled APR-util library, used to process non-SSL requests. A remote attacker could send requests, carefully crafting the timing of individual bytes, which would slowly consume memory, potentially leading to a denial of service.

CVE-2010-1623

VCID-exfa-m9xw-wkap

A denial of service flaw was found in the bundled copy of the APR-util library Extensible Markup Language (XML) parser. A remote attacker could create a specially-crafted XML document that would cause excessive memory consumption when processed by the XML decoding engine.

CVE-2009-1955

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-08-01T17:40:57.419756+00:00	Debian Oval Importer	Fixing	VCID-cqpz-3xpm-4fhz	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T15:39:12.973097+00:00	Debian Oval Importer	Fixing	VCID-bay7-x8bk-dqf6	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T14:49:59.296258+00:00	Debian Oval Importer	Affected by	VCID-n6j7-vjgu-d7a7	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T13:58:27.135541+00:00	Debian Oval Importer	Fixing	VCID-2h74-w9ra-wbf7	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T13:19:38.417217+00:00	Debian Oval Importer	Fixing	VCID-cqrd-ejej-uqe9	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T12:47:16.021966+00:00	Debian Oval Importer	Fixing	VCID-exfa-m9xw-wkap	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T12:22:53.896961+00:00	Debian Oval Importer	Affected by	VCID-wq29-zfsd-4fbp	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0