CVE-2010-1623 Information

Description

Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.

Reference

http://blogs.sun.com/security/entry/cve_2010_1623_memory_leak
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049885.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049939.html
http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html
http://marc.info/?l=bugtraq&m=130168502603566&w=2
http://secunia.com/advisories/41701
http://secunia.com/advisories/42015
http://secunia.com/advisories/42361
http://secunia.com/advisories/42367
http://secunia.com/advisories/42403
http://secunia.com/advisories/42537
http://secunia.com/advisories/43211
http://secunia.com/advisories/43285
http://security-tracker.debian.org/tracker/CVE-2010-1623
http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.627828
http://svn.apache.org/viewvc?view=revision&revision=1003492
http://svn.apache.org/viewvc?view=revision&revision=1003493
http://svn.apache.org/viewvc?view=revision&revision=1003494
http://svn.apache.org/viewvc?view=revision&revision=1003495
http://svn.apache.org/viewvc?view=revision&revision=1003626
http://ubuntu.com/usn/usn-1021-1
http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3
http://www.mandriva.com/security/advisories?name=MDVSA-2010:192
http://www.redhat.com/support/errata/RHSA-2010-0950.html
http://www.redhat.com/support/errata/RHSA-2011-0896.html
http://www.redhat.com/support/errata/RHSA-2011-0897.html
http://www.securityfocus.com/bid/43673
http://www.ubuntu.com/usn/USN-1022-1
http://www.vupen.com/english/advisories/2010/2556
http://www.vupen.com/english/advisories/2010/2557
http://www.vupen.com/english/advisories/2010/2806
http://www.vupen.com/english/advisories/2010/3064
http://www.vupen.com/english/advisories/2010/3065
http://www.vupen.com/english/advisories/2010/3074
http://www.vupen.com/english/advisories/2011/0358
http://www-01.ibm.com/support/docview.wss?uid=swg1PM31601
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@3Ccvs.httpd.apache.org3E
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@3Ccvs.httpd.apache.org3E
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@3Ccvs.httpd.apache.org3E
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@3Ccvs.httpd.apache.org3E
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@3Ccvs.httpd.apache.org3E
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@3Ccvs.httpd.apache.org3E
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@3Ccvs.httpd.apache.org3E
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@3Ccvs.httpd.apache.org3E
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A12800