
List:       oss-security
Subject:    Re: [oss-security] CVE Request (apr-util)
From:       "Steven M. Christey" <coley () linus ! mitre ! org>
Date:       2009-06-06 17:21:02
Message-ID: Pine.GSO.4.51.0906061320440.28142 () faron ! mitre ! org


======================================================
Name: CVE-2009-1956
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1956
Reference: MLIST:[dev] 20090424 Buffer overflow in apr_brigade_vprintf() ?
Reference: URL:http://www.mail-archive.com/dev@apr.apache.org/msg21591.html
Reference: MLIST:[dev] 20090424 Re: Buffer overflow in apr_brigade_vprintf() ?
Reference: URL:http://www.mail-archive.com/dev@apr.apache.org/msg21592.html
Reference: MLIST:[oss-security] 20090605 CVE Request (apr-util)
Reference: URL:http://www.openwall.com/lists/oss-security/2009/06/06/1
Reference: CONFIRM:http://svn.apache.org/viewvc?view=rev&revision=768417
Reference: CONFIRM:http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=504390

Off-by-one error in the apr_brigade_vprintf function in Apache
APR-util before 1.3.5 on big-endian platforms allows remote attackers
to obtain sensitive information or cause a denial of service
(application crash) via crafted input.

