CVE-2009-0023

Source
https://nvd.nist.gov/vuln/detail/CVE-2009-0023
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2009-0023.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2009-0023
Downstream
Related
Published
2009-06-08T01:00:00Z
Modified
2025-08-09T20:01:27Z
Summary
[none]
Details

The aprstrmatchprecompile function in strmatch/aprstrmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the moddavsvn module in the Apache HTTP Server, (3) the modapreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.

References

Affected packages