Release date:
Updated on:
Affected Systems:
Apache Group APR-util 1.3.x
Unaffected Systems:
Apache Group APR-util 1.3.10
Description:
--------------------------------------------------------------------------------
Bugtraq ID: 43673
CVE ID: CVE-2010-1623
APR-util is the utility library that accompanies the Apache Portable Runtime (APR) and is used by the Apache HTTP Server.
The apr_brigade_split_line function in buckets/apr_brigade.c of APR-util does not properly process user requests. Remote attackers can exploit this flaw to cause high memory consumption.
<* Source: Stefan Fritsch (sf@sfritsch.de)
Link: http://secunia.com/advisories/41701
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Apache Group
------------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://svn.apache.org/viewvc?view=revision&revision=1003492
http://svn.apache.org/viewvc?view=revision&revision=1003493
http://svn.apache.org/viewvc?view=revision&revision=1003494
http://svn.apache.org/viewvc?view=revision&revision=1003495