CVE-2009-2412
The MITRE CVE dictionary describes this issue as:
Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information.
Find out more about CVE-2009-2412 from the MITRE CVE dictionary dictionary and NIST NVD.
CVSS v2 metrics
| Base Score | 6.8 |
|---|---|
| Base Metrics | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| Access Vector | Network |
| Access Complexity | Medium |
| Authentication | None |
| Confidentiality Impact | Partial |
| Integrity Impact | Partial |
| Availability Impact | Partial |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Red Hat Security Errata
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Enterprise Linux 3 (httpd) | RHSA-2009:1205 | 2009-08-10 |
| Red Hat Enterprise Linux 4 | RHSA-2009:1204 | 2009-08-10 |
| Red Hat JBoss Web Server 1.0 for RHEL 4 AS (httpd22) | RHSA-2009:1462 | 2009-09-24 |
| Red Hat Certificate System 7.3 for 4AS | RHSA-2010:0602 | 2010-08-04 |
| Red Hat Enterprise Linux 5 | RHSA-2009:1204 | 2009-08-10 |
CVE description copyright © 2017, The MITRE Corporation