List: oss-security
Subject: Re: [oss-security] CVE Request (apr-util)
From: "Steven M. Christey" <coley () linus ! mitre ! org>
Date: 2009-06-06 17:21:02
Message-ID: Pine.GSO.4.51.0906061320440.28142 () faron ! mitre ! org
======================================================
Name: CVE-2009-1956
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1956
Reference: MLIST:[dev] 20090424 Buffer overflow in apr_brigade_vprintf() ?
Reference: URL:http://www.mail-archive.com/dev@apr.apache.org/msg21591.html
Reference: MLIST:[dev] 20090424 Re: Buffer overflow in apr_brigade_vprintf() ?
Reference: URL:http://www.mail-archive.com/dev@apr.apache.org/msg21592.html
Reference: MLIST:[oss-security] 20090605 CVE Request (apr-util)
Reference: URL:http://www.openwall.com/lists/oss-security/2009/06/06/1
Reference: CONFIRM:http://svn.apache.org/viewvc?view=rev&revision=768417
Reference: CONFIRM:http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=504390

Off-by-one error in the apr_brigade_vprintf function in Apache
APR-util before 1.3.5 on big-endian platforms allows remote attackers
to obtain sensitive information or cause a denial of service
(application crash) via crafted input.