CVE-2010-1623

MEDIUM

Description

Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.

References

http://blogs.sun.com/security/entry/cve_2010_1623_memory_leak

http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049885.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049939.html

http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html

http://marc.info/?l=bugtraq&m=130168502603566&w=2

http://secunia.com/advisories/41701

http://secunia.com/advisories/42015

http://secunia.com/advisories/42361

http://secunia.com/advisories/42367

http://secunia.com/advisories/42403

http://secunia.com/advisories/42537

http://secunia.com/advisories/43211

http://secunia.com/advisories/43285

http://security-tracker.debian.org/tracker/CVE-2010-1623

http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.627828

http://svn.apache.org/viewvc?view=revision&revision=1003492

http://svn.apache.org/viewvc?view=revision&revision=1003493

http://svn.apache.org/viewvc?view=revision&revision=1003494

http://svn.apache.org/viewvc?view=revision&revision=1003495

http://svn.apache.org/viewvc?view=revision&revision=1003626

http://ubuntu.com/usn/usn-1021-1

http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3

http://www.mandriva.com/security/advisories?name=MDVSA-2010:192

http://www.redhat.com/support/errata/RHSA-2010-0950.html

http://www.redhat.com/support/errata/RHSA-2011-0896.html

http://www.redhat.com/support/errata/RHSA-2011-0897.html

http://www.securityfocus.com/bid/43673

http://www.ubuntu.com/usn/USN-1022-1

http://www.vupen.com/english/advisories/2010/2556

http://www.vupen.com/english/advisories/2010/2557

http://www.vupen.com/english/advisories/2010/2806

http://www.vupen.com/english/advisories/2010/3064

http://www.vupen.com/english/advisories/2010/3065

http://www.vupen.com/english/advisories/2010/3074

http://www.vupen.com/english/advisories/2011/0358

http://www-01.ibm.com/support/docview.wss?uid=swg1PM31601

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12800

Details

Source: MITRE

Published: 2010-10-04

Updated: 2017-09-19

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM