CVE-2009-0023

Source
https://nvd.nist.gov/vuln/detail/CVE-2009-0023
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2009-0023.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2009-0023
Related
Published
2009-06-08T01:00:00Z
Modified
2024-09-11T02:00:07Z
Summary
[none]
Details

The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.

References

Affected packages

Debian:11 / apr-util

Package

Name
apr-util
Purl
pkg:deb/debian/apr-util?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.3.7+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / apr-util

Package

Name
apr-util
Purl
pkg:deb/debian/apr-util?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.3.7+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / apr-util

Package

Name
apr-util
Purl
pkg:deb/debian/apr-util?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.3.7+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}