Search for packages
| purl | pkg:deb/debian/apr-util@1.3.9%2Bdfsg-5 |
| Next non-vulnerable version | 1.6.1-5+deb11u1 |
| Latest non-vulnerable version | 1.6.1-5+deb11u1 |
| Risk | 3.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-5pbq-sddx-aaar
Aliases: CVE-2017-12618 |
Apache Portable Runtime Utility (APR-util) 1.6.0 and prior fail to validate the integrity of SDBM database files used by apr_sdbm*() functions, resulting in a possible out of bound read access. A local user with write access to the database can make a program or process using these functions crash, and cause a denial of service. |
Affected by 1 other vulnerability. |
|
VCID-pchy-8zhu-aaap
Aliases: CVE-2022-25147 |
Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime Utility (APR-util) 1.6.1 and prior versions. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-1sxy-v71c-aaah | Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input. |
CVE-2009-1956
|
| VCID-g44f-ek3a-aaak | The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow. |
CVE-2009-0023
|
| VCID-rxf1-1k5a-aaam | Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket. |
CVE-2010-1623
|
| VCID-tepv-qzma-aaab | The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564. |
CVE-2009-1955
|
| VCID-us96-4dyu-aaad | Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information. |
CVE-2009-2412
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-06-21T19:14:11.824030+00:00 | Debian Oval Importer | Fixing | VCID-rxf1-1k5a-aaam | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.3 |
| 2025-06-21T18:50:12.232323+00:00 | Debian Oval Importer | Fixing | VCID-tepv-qzma-aaab | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.3 |
| 2025-06-21T18:31:46.661932+00:00 | Debian Oval Importer | Affected by | VCID-5pbq-sddx-aaar | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.3 |
| 2025-06-21T17:18:52.861370+00:00 | Debian Oval Importer | Fixing | VCID-tepv-qzma-aaab | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T17:15:35.435896+00:00 | Debian Oval Importer | Fixing | VCID-us96-4dyu-aaad | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T17:14:14.100061+00:00 | Debian Oval Importer | Fixing | VCID-rxf1-1k5a-aaam | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T14:50:15.199204+00:00 | Debian Oval Importer | Affected by | VCID-5pbq-sddx-aaar | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T13:51:35.338118+00:00 | Debian Oval Importer | Fixing | VCID-1sxy-v71c-aaah | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T12:54:55.423357+00:00 | Debian Oval Importer | Fixing | VCID-g44f-ek3a-aaak | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T12:48:27.022909+00:00 | Debian Oval Importer | Affected by | VCID-pchy-8zhu-aaap | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T07:38:17.323535+00:00 | Debian Oval Importer | Affected by | VCID-pchy-8zhu-aaap | None | 36.1.3 |
| 2025-06-21T00:13:59.865773+00:00 | Debian Oval Importer | Fixing | VCID-1sxy-v71c-aaah | None | 36.1.3 |
| 2025-06-21T00:06:49.270429+00:00 | Debian Oval Importer | Fixing | VCID-tepv-qzma-aaab | None | 36.1.3 |
| 2025-06-20T23:57:53.181074+00:00 | Debian Oval Importer | Fixing | VCID-us96-4dyu-aaad | None | 36.1.3 |
| 2025-06-20T22:57:36.565316+00:00 | Debian Oval Importer | Fixing | VCID-g44f-ek3a-aaak | None | 36.1.3 |
| 2025-06-20T22:38:47.249438+00:00 | Debian Oval Importer | Fixing | VCID-rxf1-1k5a-aaam | None | 36.1.3 |
| 2025-06-20T20:36:08.631737+00:00 | Debian Oval Importer | Affected by | VCID-5pbq-sddx-aaar | None | 36.1.3 |
| 2025-06-08T12:48:16.141857+00:00 | Debian Oval Importer | Affected by | VCID-pchy-8zhu-aaap | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.0 |
| 2025-06-08T12:11:20.997253+00:00 | Debian Oval Importer | Fixing | VCID-us96-4dyu-aaad | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.0 |
| 2025-06-08T11:43:00.036108+00:00 | Debian Oval Importer | Fixing | VCID-rxf1-1k5a-aaam | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.0 |
| 2025-06-08T11:20:03.006572+00:00 | Debian Oval Importer | Fixing | VCID-tepv-qzma-aaab | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.0 |
| 2025-06-08T11:02:13.901299+00:00 | Debian Oval Importer | Affected by | VCID-5pbq-sddx-aaar | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.0 |
| 2025-06-08T09:59:59.428793+00:00 | Debian Oval Importer | Fixing | VCID-tepv-qzma-aaab | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T09:57:01.460745+00:00 | Debian Oval Importer | Fixing | VCID-us96-4dyu-aaad | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T09:55:43.048251+00:00 | Debian Oval Importer | Fixing | VCID-rxf1-1k5a-aaam | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T07:43:36.302552+00:00 | Debian Oval Importer | Affected by | VCID-5pbq-sddx-aaar | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T06:45:48.201252+00:00 | Debian Oval Importer | Fixing | VCID-1sxy-v71c-aaah | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T05:49:56.572984+00:00 | Debian Oval Importer | Fixing | VCID-g44f-ek3a-aaak | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T05:43:30.000099+00:00 | Debian Oval Importer | Affected by | VCID-pchy-8zhu-aaap | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T01:18:13.116286+00:00 | Debian Oval Importer | Affected by | VCID-pchy-8zhu-aaap | None | 36.1.0 |
| 2025-06-07T17:36:51.654704+00:00 | Debian Oval Importer | Fixing | VCID-1sxy-v71c-aaah | None | 36.1.0 |
| 2025-06-07T17:29:35.448429+00:00 | Debian Oval Importer | Fixing | VCID-tepv-qzma-aaab | None | 36.1.0 |
| 2025-06-07T17:20:46.851482+00:00 | Debian Oval Importer | Fixing | VCID-us96-4dyu-aaad | None | 36.1.0 |
| 2025-06-07T16:20:52.197125+00:00 | Debian Oval Importer | Fixing | VCID-g44f-ek3a-aaak | None | 36.1.0 |
| 2025-06-07T16:02:45.012691+00:00 | Debian Oval Importer | Fixing | VCID-rxf1-1k5a-aaam | None | 36.1.0 |
| 2025-06-07T14:08:39.922450+00:00 | Debian Oval Importer | Affected by | VCID-5pbq-sddx-aaar | None | 36.1.0 |
| 2025-04-12T20:44:25.640491+00:00 | Debian Oval Importer | Fixing | VCID-g44f-ek3a-aaak | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T19:12:26.060668+00:00 | Debian Oval Importer | Fixing | VCID-1sxy-v71c-aaah | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T18:35:11.728604+00:00 | Debian Oval Importer | Affected by | VCID-pchy-8zhu-aaap | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T17:57:01.388877+00:00 | Debian Oval Importer | Fixing | VCID-us96-4dyu-aaad | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T17:27:49.755193+00:00 | Debian Oval Importer | Fixing | VCID-rxf1-1k5a-aaam | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T17:04:01.156236+00:00 | Debian Oval Importer | Fixing | VCID-tepv-qzma-aaab | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T16:45:09.058216+00:00 | Debian Oval Importer | Affected by | VCID-5pbq-sddx-aaar | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-08T08:32:15.912173+00:00 | Debian Oval Importer | Fixing | VCID-tepv-qzma-aaab | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T08:29:13.910811+00:00 | Debian Oval Importer | Fixing | VCID-us96-4dyu-aaad | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T08:27:55.486341+00:00 | Debian Oval Importer | Fixing | VCID-rxf1-1k5a-aaam | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T06:16:06.615450+00:00 | Debian Oval Importer | Affected by | VCID-5pbq-sddx-aaar | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T05:18:13.156639+00:00 | Debian Oval Importer | Fixing | VCID-1sxy-v71c-aaah | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T04:21:42.385801+00:00 | Debian Oval Importer | Fixing | VCID-g44f-ek3a-aaak | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T04:15:13.596041+00:00 | Debian Oval Importer | Affected by | VCID-pchy-8zhu-aaap | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-07T23:50:49.866565+00:00 | Debian Oval Importer | Affected by | VCID-pchy-8zhu-aaap | None | 36.0.0 |
| 2025-04-07T16:11:34.336443+00:00 | Debian Oval Importer | Fixing | VCID-1sxy-v71c-aaah | None | 36.0.0 |
| 2025-04-07T16:04:06.128924+00:00 | Debian Oval Importer | Fixing | VCID-tepv-qzma-aaab | None | 36.0.0 |
| 2025-04-07T15:54:48.987102+00:00 | Debian Oval Importer | Fixing | VCID-us96-4dyu-aaad | None | 36.0.0 |
| 2025-04-07T14:52:34.739041+00:00 | Debian Oval Importer | Fixing | VCID-g44f-ek3a-aaak | None | 36.0.0 |
| 2025-04-07T14:33:53.285403+00:00 | Debian Oval Importer | Fixing | VCID-rxf1-1k5a-aaam | None | 36.0.0 |
| 2025-04-07T12:42:11.696874+00:00 | Debian Oval Importer | Affected by | VCID-5pbq-sddx-aaar | None | 36.0.0 |
| 2024-11-27T16:28:50.142724+00:00 | Debian Oval Importer | Fixing | VCID-rxf1-1k5a-aaam | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 35.0.0 |
| 2024-11-27T05:21:21.197709+00:00 | Debian Oval Importer | Fixing | VCID-us96-4dyu-aaad | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 35.0.0 |
| 2024-11-27T04:43:06.221468+00:00 | Debian Oval Importer | Fixing | VCID-1sxy-v71c-aaah | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 35.0.0 |
| 2024-11-27T04:41:34.925906+00:00 | Debian Oval Importer | Fixing | VCID-tepv-qzma-aaab | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 35.0.0 |
| 2024-11-26T23:45:22.794838+00:00 | Debian Oval Importer | Fixing | VCID-g44f-ek3a-aaak | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 35.0.0 |
| 2024-10-13T09:56:12.333280+00:00 | Debian Oval Importer | Fixing | VCID-rxf1-1k5a-aaam | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 34.0.2 |
| 2024-10-13T02:13:07.959817+00:00 | Debian Oval Importer | Fixing | VCID-us96-4dyu-aaad | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 34.0.2 |
| 2024-10-13T01:47:10.426318+00:00 | Debian Oval Importer | Fixing | VCID-1sxy-v71c-aaah | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 34.0.2 |
| 2024-10-13T01:46:05.954646+00:00 | Debian Oval Importer | Fixing | VCID-tepv-qzma-aaab | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 34.0.2 |
| 2024-10-12T22:23:13.801906+00:00 | Debian Oval Importer | Fixing | VCID-g44f-ek3a-aaak | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 34.0.2 |
| 2024-09-20T22:18:24.259735+00:00 | Debian Oval Importer | Fixing | VCID-rxf1-1k5a-aaam | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 34.0.1 |
| 2024-09-20T19:27:12.498378+00:00 | Debian Oval Importer | Fixing | VCID-us96-4dyu-aaad | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 34.0.1 |
| 2024-09-20T19:17:44.764123+00:00 | Debian Oval Importer | Fixing | VCID-1sxy-v71c-aaah | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 34.0.1 |
| 2024-09-20T19:17:15.838061+00:00 | Debian Oval Importer | Fixing | VCID-tepv-qzma-aaab | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 34.0.1 |
| 2024-09-20T18:03:42.829645+00:00 | Debian Oval Importer | Fixing | VCID-g44f-ek3a-aaak | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 34.0.1 |