CVE - CVE-2010-1623

CVE-ID
CVE-2010-1623	Learn more at National Vulnerability Database (NVD) • Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings
Description
Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
CONFIRM:http://security-tracker.debian.org/tracker/CVE-2010-1623 CONFIRM:http://svn.apache.org/viewvc?view=revision&revision=1003492 CONFIRM:http://svn.apache.org/viewvc?view=revision&revision=1003493 CONFIRM:http://svn.apache.org/viewvc?view=revision&revision=1003494 CONFIRM:http://svn.apache.org/viewvc?view=revision&revision=1003495 CONFIRM:http://svn.apache.org/viewvc?view=revision&revision=1003626 CONFIRM:http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3 CONFIRM:http://blogs.sun.com/security/entry/cve_2010_1623_memory_leak AIXAPAR:PM23263 URL:http://www-01.ibm.com/support/docview.wss?uid=swg1PM31601 AIXAPAR:PM31601 URL:http://www-01.ibm.com/support/docview.wss?uid=swg1PM31601 FEDORA:FEDORA-2010-15916 URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049939.html FEDORA:FEDORA-2010-15953 URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049885.html HP:HPSBUX02645 URL:http://marc.info/?l=bugtraq&m=130168502603566&w=2 MANDRIVA:MDVSA-2010:192 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:192 REDHAT:RHSA-2010:0950 URL:http://www.redhat.com/support/errata/RHSA-2010-0950.html REDHAT:RHSA-2011:0896 URL:http://www.redhat.com/support/errata/RHSA-2011-0896.html REDHAT:RHSA-2011:0897 URL:http://www.redhat.com/support/errata/RHSA-2011-0897.html SLACKWARE:SSA:2011-041-01 URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.627828 SUSE:SUSE-SU-2011:1229 URL:http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html UBUNTU:USN-1021-1 URL:http://ubuntu.com/usn/usn-1021-1 UBUNTU:USN-1022-1 URL:http://www.ubuntu.com/usn/USN-1022-1 BID:43673 URL:http://www.securityfocus.com/bid/43673 OVAL:oval:org.mitre.oval:def:12800 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12800 SECUNIA:41701 URL:http://secunia.com/advisories/41701 SECUNIA:42015 URL:http://secunia.com/advisories/42015 SECUNIA:42361 URL:http://secunia.com/advisories/42361 SECUNIA:42367 URL:http://secunia.com/advisories/42367 SECUNIA:42403 URL:http://secunia.com/advisories/42403 SECUNIA:42537 URL:http://secunia.com/advisories/42537 SECUNIA:43211 URL:http://secunia.com/advisories/43211 SECUNIA:43285 URL:http://secunia.com/advisories/43285 VUPEN:ADV-2010-2556 URL:http://www.vupen.com/english/advisories/2010/2556 VUPEN:ADV-2010-2557 URL:http://www.vupen.com/english/advisories/2010/2557 VUPEN:ADV-2010-2806 URL:http://www.vupen.com/english/advisories/2010/2806 VUPEN:ADV-2010-3064 URL:http://www.vupen.com/english/advisories/2010/3064 VUPEN:ADV-2010-3065 URL:http://www.vupen.com/english/advisories/2010/3065 VUPEN:ADV-2010-3074 URL:http://www.vupen.com/english/advisories/2010/3074 VUPEN:ADV-2011-0358 URL:http://www.vupen.com/english/advisories/2011/0358
Assigning CNA
N/A
Date Entry Created
20100429	Disclaimer: The entry creation date may reflect when the CVE-ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20100429)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE list, which standardizes names for security problems.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org

Use of the Common Vulnerabilities and Exposures List and the associated references from this Web site are subject to the Terms of Use. For more information, please email cve@mitre.org.

CVE is sponsored by US-CERT in the office of Cybersecurity and Communications at the U.S. Department of Homeland Security. Copyright © 1999–2018, The MITRE Corporation. CVE and the CVE logo are registered trademarks and CVE-Compatible is a trademark of The MITRE Corporation.

Site Map
Privacy policy
Terms of use
Contact us