Ronald Crane discovered that missing input sanitizing in the apr_encode functions of apr, the Apache Portable Runtime library, may result in denial of service or potentially the execution of arbitrary code.
Continue reading...
Continue reading...