CVE - CVE-2009-2412

CVE-ID
CVE-2009-2412	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:35949 URL:http://www.securityfocus.com/bid/35949 MISC:36138 URL:http://secunia.com/advisories/36138 MISC:36140 URL:http://secunia.com/advisories/36140 MISC:36166 URL:http://secunia.com/advisories/36166 MISC:36233 URL:http://secunia.com/advisories/36233 MISC:37152 URL:http://secunia.com/advisories/37152 MISC:37221 URL:http://secunia.com/advisories/37221 MISC:56765 URL:~~http://osvdb.org/56765~~ (Obsolete source) MISC:56766 URL:~~http://osvdb.org/56766~~ (Obsolete source) MISC:ADV-2009-3184 URL:~~http://www.vupen.com/english/advisories/2009/3184~~ (Obsolete source) MISC:ADV-2010-1107 URL:~~http://www.vupen.com/english/advisories/2010/1107~~ (Obsolete source) MISC:APPLE-SA-2009-11-09-1 URL:http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html MISC:FEDORA-2009-8336 URL:https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00320.html MISC:FEDORA-2009-8360 URL:https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00353.html MISC:MDVSA-2009:195 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2009:195~~ (Obsolete source) MISC:PK93225 URL:http://www-01.ibm.com/support/docview.wss?uid=swg1PK93225 MISC:PK99482 URL:http://www-01.ibm.com/support/docview.wss?uid=swg1PK99482 MISC:SUSE-SA:2009:050 URL:http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.html MISC:SUSE-SR:2010:011 URL:http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html MISC:USN-813-2 URL:http://www.ubuntu.com/usn/usn-813-2 MISC:[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/ URL:https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20210330 svn commit: r1073139 [6/13] - in /websites/staging/httpd/trunk/content: ./ security/json/ URL:https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/ URL:https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/ URL:https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20210330 svn commit: r1073149 [7/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/ URL:https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20210330 svn commit: r1888194 [6/13] - /httpd/site/trunk/content/security/json/ URL:https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20210606 svn commit: r1075467 [1/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E MISC:http://support.apple.com/kb/HT3937 URL:http://support.apple.com/kb/HT3937 MISC:http://svn.apache.org/viewvc/apr/apr-util/branches/0.9.x/CHANGES?revision=800736&view=markup URL:http://svn.apache.org/viewvc/apr/apr-util/branches/0.9.x/CHANGES?revision=800736&view=markup MISC:http://svn.apache.org/viewvc/apr/apr-util/branches/0.9.x/misc/apr_rmm.c?r1=230441&r2=800736 URL:http://svn.apache.org/viewvc/apr/apr-util/branches/0.9.x/misc/apr_rmm.c?r1=230441&r2=800736 MISC:http://svn.apache.org/viewvc/apr/apr-util/branches/1.3.x/CHANGES?revision=800735&view=markup URL:http://svn.apache.org/viewvc/apr/apr-util/branches/1.3.x/CHANGES?revision=800735&view=markup MISC:http://svn.apache.org/viewvc/apr/apr-util/branches/1.3.x/misc/apr_rmm.c?r1=647687&r2=800735 URL:http://svn.apache.org/viewvc/apr/apr-util/branches/1.3.x/misc/apr_rmm.c?r1=647687&r2=800735 MISC:http://svn.apache.org/viewvc/apr/apr/branches/0.9.x/CHANGES?revision=800733&view=markup URL:http://svn.apache.org/viewvc/apr/apr/branches/0.9.x/CHANGES?revision=800733&view=markup MISC:http://svn.apache.org/viewvc/apr/apr/branches/0.9.x/memory/unix/apr_pools.c?r1=585356&r2=800733 URL:http://svn.apache.org/viewvc/apr/apr/branches/0.9.x/memory/unix/apr_pools.c?r1=585356&r2=800733 MISC:http://svn.apache.org/viewvc/apr/apr/branches/1.3.x/CHANGES?revision=800732&view=markup URL:http://svn.apache.org/viewvc/apr/apr/branches/1.3.x/CHANGES?revision=800732&view=markup MISC:http://svn.apache.org/viewvc/apr/apr/branches/1.3.x/memory/unix/apr_pools.c?r1=678140&r2=800732 URL:http://svn.apache.org/viewvc/apr/apr/branches/1.3.x/memory/unix/apr_pools.c?r1=678140&r2=800732 MISC:oval:org.mitre.oval:def:8394 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8394 MISC:oval:org.mitre.oval:def:9958 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9958
Assigning CNA
Red Hat, Inc.
Date Record Created
20090709	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20090709)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)

Use of the CVE™ List and the associated references from this website are subject to the terms of use. CVE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Copyright © 1999–2025, The MITRE Corporation. CVE is a trademark and the CVE logo is a registered trademark of The MITRE Corporation.