FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

apache -- apr_uri_parse IPv6 address handling vulnerability

Affected packages
2.0 <= apache < 2.0.50_3

Details

VuXML ID 762d1c6d-0722-11d9-b45d-000c41e2cdad
Discovery 2004-09-15
Entry 2004-09-15

The Apache Software Foundation Security Team discovered a programming error in the apr-util library function apr_uri_parse. When parsing IPv6 literal addresses, it is possible that a length is incorrectly calculated to be negative, and this value is passed to memcpy. This may result in an exploitable vulnerability on some platforms, including FreeBSD.

References

CVE Name CVE-2004-0786
URL http://httpd.apache.org