CVE-2009-1956

Impact: Moderate
Public Date: 2009-04-24
Bugzilla: 504390: CVE-2009-1956 apr-util single NULL byte buffer overflow

The MITRE CVE dictionary describes this issue as:

Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.

Find out more about CVE-2009-1956 from the MITRE CVE dictionary and NIST NVD.

CVSS v2 metrics

Base Score: 4.3
Base Metrics: AV:N/AC:M/Au:N/C:P/I:N/A:N
Access Vector: Network
Access Complexity: Medium
Authentication: None
Confidentiality Impact: Partial
Integrity Impact: None
Availability Impact: None

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

| Platform | Errata | Release Date |
| --- | --- | --- |
| Red Hat Enterprise Linux 4 (apr-util) | RHSA-2009:1107 | 2009-06-16 |
| Red Hat Certificate System 7.3 for 4AS | RHSA-2010:0602 | 2010-08-04 |
| Red Hat Enterprise Linux 3 (httpd) | RHSA-2009:1108 | 2009-06-16 |
| Red Hat Enterprise Linux 5 (apr-util) | RHSA-2009:1107 | 2009-06-16 |

CVE description copyright © 2017, The MITRE Corporation