oss-sec mailing list archives
Re: CVE Request (apr-util)
From: "Steven M. Christey" <coley () linus mitre org>
Date: Sat, 6 Jun 2009 13:21:02 -0400 (EDT)
====================================================== Name: CVE-2009-1956 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1956 Reference: MLIST:[dev] 20090424 Buffer overflow in apr_brigade_vprintf() ? Reference: URL:http://www.mail-archive.com/dev () apr apache org/msg21591.html Reference: MLIST:[dev] 20090424 Re: Buffer overflow in apr_brigade_vprintf() ? Reference: URL:http://www.mail-archive.com/dev () apr apache org/msg21592.html Reference: MLIST:[oss-security] 20090605 CVE Request (apr-util) Reference: URL:http://www.openwall.com/lists/oss-security/2009/06/06/1 Reference: CONFIRM:http://svn.apache.org/viewvc?view=rev&revision=768417 Reference: CONFIRM:http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3 Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=504390 Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
Current thread:
- CVE Request (apr-util) Josh Bressers (Jun 05)
- Re: CVE Request (apr-util) Steven M. Christey (Jun 06)