VIR Vulnerability Intelligence Relay

CVE-2010-1623

medium
Published 2010-10-04 ยท Modified 2026-04-29
๐Ÿ’ฌ Discuss on Community โœš Propose mitigation
CVSS v3
โ€”
CVSS v4 NEW
โ€”
not yet in upstream
VIR risk
5.0

Description

Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.

Predictions

Exploit likelihood
20%
Patch ETA
โ€”

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ€” if you've already worked around this in production โ€” publish your fix to the community-verified tier.

โœš Propose a mitigation on Community โ†’ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here with source_tier=community-verified.

OS impact
debian Debian Fixed 5 releases
VersionStatusFixed in
trixie Fixed 2.2.16-3
sid Fixed 2.2.16-3
forky Fixed 2.2.16-3
bullseye Fixed 2.2.16-3
bookworm Fixed 2.2.16-3

Application impact
VendorProductVersionsFixed
apache apacheapr-util{"endIncluding":"1.3.9"}
apache apacheapr-util0.9.1
apache apacheapr-util0.9.2
apache apacheapr-util0.9.3
apache apacheapr-util0.9.4
apache apacheapr-util0.9.5
apache apacheapr-util0.9.6
apache apacheapr-util0.9.7
apache apacheapr-util0.9.8
apache apacheapr-util0.9.9
apache apacheapr-util0.9.10
apache apacheapr-util0.9.11
apache apacheapr-util0.9.12
apache apacheapr-util0.9.13
apache apacheapr-util0.9.14
apache apacheapr-util0.9.15
apache apacheapr-util0.9.16
apache apacheapr-util0.9.17
apache apacheapr-util0.9.18
apache apacheapr-util1.0
apache apacheapr-util1.0.1
apache apacheapr-util1.0.2
apache apacheapr-util1.1.0
apache apacheapr-util1.1.1
apache apacheapr-util1.1.2
apache apacheapr-util1.2.1
apache apacheapr-util1.2.2
apache apacheapr-util1.2.6
apache apacheapr-util1.2.7
apache apacheapr-util1.2.8
apache apacheapr-util1.2.9
apache apacheapr-util1.2.10
apache apacheapr-util1.2.12
apache apacheapr-util1.2.13
apache apacheapr-util1.3.0
apache apacheapr-util1.3.1
apache apacheapr-util1.3.2
apache apacheapr-util1.3.3
apache apacheapr-util1.3.4
apache apacheapr-util1.3.5
apache apacheapr-util1.3.6
apache apacheapr-util1.3.7
apache apacheapr-util1.3.8
apache apachehttp_server{"startIncluding":"2.0.35","endExcluding":"2.0.64"}2.0.64
apache apachehttp_server{"startIncluding":"2.2.0","endExcluding":"2.2.17"}2.2.17

References

CWEs

CWE-119

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.