Vulnerabilites related to Apache Software Foundation - Apache Portable Runtime Utility (APR-util)
cve-2022-25147
Vulnerability from cvelistv5
Published
2023-01-31 15:54
Modified
2025-02-13 16:32
Severity ?
EPSS score ?
Summary
Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util) allows an attacker to write beyond bounds of a buffer.
This issue affects Apache Portable Runtime Utility (APR-util) 1.6.1 and prior versions.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Portable Runtime Utility (APR-util) |
Version: 0 ≤ 1.6.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T04:29:01.897Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.apache.org/thread/np5gjqlohc4f62lr09vrn61vl44cylh8", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240315-0001/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Apache Portable Runtime Utility (APR-util)", vendor: "Apache Software Foundation", versions: [ { lessThanOrEqual: "1.6.1", status: "affected", version: "0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "Ronald Crane (Zippenhop LLC)", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<div>Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util) allows an attacker to write beyond bounds of a buffer.</div><div><br></div><div>This issue affects Apache Portable Runtime Utility (APR-util) 1.6.1 and prior versions.</div>", }, ], value: "Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util) allows an attacker to write beyond bounds of a buffer.\n\n\n\n\nThis issue affects Apache Portable Runtime Utility (APR-util) 1.6.1 and prior versions.", }, ], metrics: [ { other: { content: { text: "moderate", }, type: "Textual description of severity", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-190", description: "CWE-190 Integer Overflow or Wraparound", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-15T11:06:10.888Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/np5gjqlohc4f62lr09vrn61vl44cylh8", }, { url: "https://security.netapp.com/advisory/ntap-20240315-0001/", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Portable Runtime Utility (APR-util): out-of-bounds writes in the apr_base64 family of functions", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2022-25147", datePublished: "2023-01-31T15:54:51.395Z", dateReserved: "2022-02-14T07:58:18.424Z", dateUpdated: "2025-02-13T16:32:27.154Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }