CVE-2009-1956
EPSS 5.4%
Description
Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
How to fix CVE-2009-1956
To remediate CVE-2009-1956, upgrade the affected package to the fixed version listed below.
- Debian/apr-util: upgrade to 1.3.7+dfsg-1 or later
Is CVE-2009-1956 being exploited?
Moderate: EPSS is 5.4%. Track this CVE, but it is not at the top of the prioritisation list.
Affected packages (1)
- Debian/apr-util: from 0, < 1.3.7+dfsg-1