Bug#271933: CAN-2004-0786: apr_uri_parse() buffer overflow

Package: libapr0
Version: 2.0.50-12
Severity: grave
Tags: security
Justification: user security hole

Uniras has reported a vulnerability in apr-util:


"The identified vulnerability is in the apr-util library; the
apr_uri_parse function in the apr-util library lacks input validation on
IPv6 literal addresses, which can result in a negative length parameter
being passed to memcpy."

It's likely that this bug affects Subversion.
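
An added illustration of the failure mode the advisory describes, not code from apr-util or from this report: a host length that goes negative for a malformed bracketed IPv6 literal, next to a variant that validates the brackets before calling memcpy. The function names, the bracket-stripping arithmetic and the sample inputs are assumptions made for the sketch.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical, not apr-util code: the signed host length a parser gets when
 * it sees a leading '[' and subtracts both brackets without finding ']'. */
long naive_host_len(const char *hostinfo, size_t n)
{
    long brackets = (n > 0 && hostinfo[0] == '[') ? 2 : 0;
    return (long)n - brackets;          /* "[" alone gives 1 - 2 = -1 */
}

/* Validated variant: copy the host part of hostinfo[0..n) into out.
 * Returns 0 on success, -1 if the literal is malformed or does not fit. */
int copy_host(const char *hostinfo, size_t n, char *out, size_t outsz)
{
    const char *start = hostinfo;
    size_t len = n;

    if (n > 0 && hostinfo[0] == '[') {
        const char *close = memchr(hostinfo, ']', n);
        if (close == NULL || close != hostinfo + n - 1)
            return -1;                  /* no ']' or bytes after it */
        start = hostinfo + 1;
        len = (size_t)(close - start);  /* close > hostinfo, so never negative */
        if (len == 0)
            return -1;                  /* "[]" carries no address */
    }
    if (len >= outsz)
        return -1;                      /* leave room for the terminator */
    memcpy(out, start, len);
    out[len] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *samples[] = { "[::1]", "example.org", "[", "[]", "[::1" };
    char buf[64];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        size_t n = strlen(samples[i]);
        int rc = copy_host(samples[i], n, buf, sizeof buf);
        printf("%-12s naive_len=%ld as size_t=%zu checked=%s\n", samples[i],
               naive_host_len(samples[i], n),
               (size_t)naive_host_len(samples[i], n), rc ? "rejected" : buf);
    }
    return 0;
}
```

The negative value matters because memcpy takes a size_t: the conversion turns -1 into the largest representable size.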
