Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability

Apache 'APR-util' is prone to an off-by-one vulnerability that may allow attackers to obtain sensitive information or trigger a denial-of-service condition.

Given the nature of this issue, attackers may also be able to execute arbitrary code in the context of an application that uses the affected library, but this has not been confirmed.

Versions prior to 'APR-util' 1.3.5 on big-endian platforms are vulnerable.


 

Privacy Statement
Copyright 2010, SecurityFocus