csaf_suse - suse-su-2018:1322-1

SUSE-SU-2018:1322-1

Vulnerability from csaf_suse - Published: 2018-05-16 19:38 - Updated: 2018-05-16 19:38

Summary

Security update for libapr1

Notes

Title of the patch

Security update for libapr1

Description of the patch

This update fixes the following issues: - CVE-2017-12613: DoS or information disclosure in pr_exp_time*() or apr_os_exp_time*() functions (bsc#1064982).

Patchnames

sdksp4-libapr1-13607,slessp4-libapr1-13607,slestso13-libapr1-13607

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for libapr1",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "\nThis update fixes the following issues:\n  \n- CVE-2017-12613: DoS or information disclosure in pr_exp_time*() or apr_os_exp_time*() functions (bsc#1064982).\n\n  ",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "sdksp4-libapr1-13607,slessp4-libapr1-13607,slestso13-libapr1-13607",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_1322-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2018:1322-1",
        "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181322-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2018:1322-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2018-May/004058.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1064982",
        "url": "https://bugzilla.suse.com/1064982"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-12613 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-12613/"
      }
    ],
    "title": "Security update for libapr1",
    "tracking": {
      "current_release_date": "2018-05-16T19:38:25Z",
      "generator": {
        "date": "2018-05-16T19:38:25Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2018:1322-1",
      "initial_release_date": "2018-05-16T19:38:25Z",
      "revision_history": [
        {
          "date": "2018-05-16T19:38:25Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libapr1-1.3.3-11.18.19.13.2.i586",
                "product": {
                  "name": "libapr1-1.3.3-11.18.19.13.2.i586",
                  "product_id": "libapr1-1.3.3-11.18.19.13.2.i586"
                }
              },
              {
                "category": "product_version",
                "name": "libapr1-devel-1.3.3-11.18.19.13.2.i586",
                "product": {
                  "name": "libapr1-devel-1.3.3-11.18.19.13.2.i586",
                  "product_id": "libapr1-devel-1.3.3-11.18.19.13.2.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libapr1-devel-1.3.3-11.18.19.13.2.ia64",
                "product": {
                  "name": "libapr1-devel-1.3.3-11.18.19.13.2.ia64",
                  "product_id": "libapr1-devel-1.3.3-11.18.19.13.2.ia64"
                }
              },
              {
                "category": "product_version",
                "name": "libapr1-1.3.3-11.18.19.13.2.ia64",
                "product": {
                  "name": "libapr1-1.3.3-11.18.19.13.2.ia64",
                  "product_id": "libapr1-1.3.3-11.18.19.13.2.ia64"
                }
              }
            ],
            "category": "architecture",
            "name": "ia64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libapr1-devel-1.3.3-11.18.19.13.2.ppc64",
                "product": {
                  "name": "libapr1-devel-1.3.3-11.18.19.13.2.ppc64",
                  "product_id": "libapr1-devel-1.3.3-11.18.19.13.2.ppc64"
                }
              },
              {
                "category": "product_version",
                "name": "libapr1-devel-32bit-1.3.3-11.18.19.13.2.ppc64",
                "product": {
                  "name": "libapr1-devel-32bit-1.3.3-11.18.19.13.2.ppc64",
                  "product_id": "libapr1-devel-32bit-1.3.3-11.18.19.13.2.ppc64"
                }
              },
              {
                "category": "product_version",
                "name": "libapr1-1.3.3-11.18.19.13.2.ppc64",
                "product": {
                  "name": "libapr1-1.3.3-11.18.19.13.2.ppc64",
                  "product_id": "libapr1-1.3.3-11.18.19.13.2.ppc64"
                }
              },
              {
                "category": "product_version",
                "name": "libapr1-32bit-1.3.3-11.18.19.13.2.ppc64",
                "product": {
                  "name": "libapr1-32bit-1.3.3-11.18.19.13.2.ppc64",
                  "product_id": "libapr1-32bit-1.3.3-11.18.19.13.2.ppc64"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libapr1-devel-1.3.3-11.18.19.13.2.s390x",
                "product": {
                  "name": "libapr1-devel-1.3.3-11.18.19.13.2.s390x",
                  "product_id": "libapr1-devel-1.3.3-11.18.19.13.2.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libapr1-1.3.3-11.18.19.13.2.s390x",
                "product": {
                  "name": "libapr1-1.3.3-11.18.19.13.2.s390x",
                  "product_id": "libapr1-1.3.3-11.18.19.13.2.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libapr1-1.3.3-11.18.19.13.2.x86_64",
                "product": {
                  "name": "libapr1-1.3.3-11.18.19.13.2.x86_64",
                  "product_id": "libapr1-1.3.3-11.18.19.13.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libapr1-devel-1.3.3-11.18.19.13.2.x86_64",
                "product": {
                  "name": "libapr1-devel-1.3.3-11.18.19.13.2.x86_64",
                  "product_id": "libapr1-devel-1.3.3-11.18.19.13.2.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Software Development Kit 11 SP4",
                "product": {
                  "name": "SUSE Linux Enterprise Software Development Kit 11 SP4",
                  "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:suse:sle-sdk:11:sp4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 11 SP4",
                "product": {
                  "name": "SUSE Linux Enterprise Server 11 SP4",
                  "product_id": "SUSE Linux Enterprise Server 11 SP4",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse_sles:11:sp4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:11:sp4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Studio Onsite 1.3",
                "product": {
                  "name": "SUSE Studio Onsite 1.3",
                  "product_id": "SUSE Studio Onsite 1.3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-studioonsite:1.3"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libapr1-1.3.3-11.18.19.13.2.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
          "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libapr1-1.3.3-11.18.19.13.2.i586"
        },
        "product_reference": "libapr1-1.3.3-11.18.19.13.2.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libapr1-1.3.3-11.18.19.13.2.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
          "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libapr1-1.3.3-11.18.19.13.2.x86_64"
        },
        "product_reference": "libapr1-1.3.3-11.18.19.13.2.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libapr1-devel-1.3.3-11.18.19.13.2.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
          "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libapr1-devel-1.3.3-11.18.19.13.2.i586"
        },
        "product_reference": "libapr1-devel-1.3.3-11.18.19.13.2.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libapr1-devel-1.3.3-11.18.19.13.2.ia64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
          "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libapr1-devel-1.3.3-11.18.19.13.2.ia64"
        },
        "product_reference": "libapr1-devel-1.3.3-11.18.19.13.2.ia64",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libapr1-devel-1.3.3-11.18.19.13.2.ppc64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
          "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libapr1-devel-1.3.3-11.18.19.13.2.ppc64"
        },
        "product_reference": "libapr1-devel-1.3.3-11.18.19.13.2.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libapr1-devel-1.3.3-11.18.19.13.2.s390x as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
          "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libapr1-devel-1.3.3-11.18.19.13.2.s390x"
        },
        "product_reference": "libapr1-devel-1.3.3-11.18.19.13.2.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libapr1-devel-1.3.3-11.18.19.13.2.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
          "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libapr1-devel-1.3.3-11.18.19.13.2.x86_64"
        },
        "product_reference": "libapr1-devel-1.3.3-11.18.19.13.2.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libapr1-devel-32bit-1.3.3-11.18.19.13.2.ppc64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
          "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libapr1-devel-32bit-1.3.3-11.18.19.13.2.ppc64"
        },
        "product_reference": "libapr1-devel-32bit-1.3.3-11.18.19.13.2.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libapr1-1.3.3-11.18.19.13.2.i586 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:libapr1-1.3.3-11.18.19.13.2.i586"
        },
        "product_reference": "libapr1-1.3.3-11.18.19.13.2.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libapr1-1.3.3-11.18.19.13.2.ia64 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:libapr1-1.3.3-11.18.19.13.2.ia64"
        },
        "product_reference": "libapr1-1.3.3-11.18.19.13.2.ia64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libapr1-1.3.3-11.18.19.13.2.ppc64 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:libapr1-1.3.3-11.18.19.13.2.ppc64"
        },
        "product_reference": "libapr1-1.3.3-11.18.19.13.2.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libapr1-1.3.3-11.18.19.13.2.s390x as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:libapr1-1.3.3-11.18.19.13.2.s390x"
        },
        "product_reference": "libapr1-1.3.3-11.18.19.13.2.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libapr1-1.3.3-11.18.19.13.2.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:libapr1-1.3.3-11.18.19.13.2.x86_64"
        },
        "product_reference": "libapr1-1.3.3-11.18.19.13.2.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libapr1-32bit-1.3.3-11.18.19.13.2.ppc64 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:libapr1-32bit-1.3.3-11.18.19.13.2.ppc64"
        },
        "product_reference": "libapr1-32bit-1.3.3-11.18.19.13.2.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libapr1-1.3.3-11.18.19.13.2.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libapr1-1.3.3-11.18.19.13.2.i586"
        },
        "product_reference": "libapr1-1.3.3-11.18.19.13.2.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libapr1-1.3.3-11.18.19.13.2.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libapr1-1.3.3-11.18.19.13.2.ia64"
        },
        "product_reference": "libapr1-1.3.3-11.18.19.13.2.ia64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libapr1-1.3.3-11.18.19.13.2.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libapr1-1.3.3-11.18.19.13.2.ppc64"
        },
        "product_reference": "libapr1-1.3.3-11.18.19.13.2.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libapr1-1.3.3-11.18.19.13.2.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libapr1-1.3.3-11.18.19.13.2.s390x"
        },
        "product_reference": "libapr1-1.3.3-11.18.19.13.2.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libapr1-1.3.3-11.18.19.13.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libapr1-1.3.3-11.18.19.13.2.x86_64"
        },
        "product_reference": "libapr1-1.3.3-11.18.19.13.2.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libapr1-32bit-1.3.3-11.18.19.13.2.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libapr1-32bit-1.3.3-11.18.19.13.2.ppc64"
        },
        "product_reference": "libapr1-32bit-1.3.3-11.18.19.13.2.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libapr1-devel-1.3.3-11.18.19.13.2.x86_64 as component of SUSE Studio Onsite 1.3",
          "product_id": "SUSE Studio Onsite 1.3:libapr1-devel-1.3.3-11.18.19.13.2.x86_64"
        },
        "product_reference": "libapr1-devel-1.3.3-11.18.19.13.2.x86_64",
        "relates_to_product_reference": "SUSE Studio Onsite 1.3"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-12613",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-12613"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program termination, and may represent an information disclosure or denial of service vulnerability to applications which call these APR functions with unvalidated external input.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11 SP4:libapr1-1.3.3-11.18.19.13.2.i586",
          "SUSE Linux Enterprise Server 11 SP4:libapr1-1.3.3-11.18.19.13.2.ia64",
          "SUSE Linux Enterprise Server 11 SP4:libapr1-1.3.3-11.18.19.13.2.ppc64",
          "SUSE Linux Enterprise Server 11 SP4:libapr1-1.3.3-11.18.19.13.2.s390x",
          "SUSE Linux Enterprise Server 11 SP4:libapr1-1.3.3-11.18.19.13.2.x86_64",
          "SUSE Linux Enterprise Server 11 SP4:libapr1-32bit-1.3.3-11.18.19.13.2.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libapr1-1.3.3-11.18.19.13.2.i586",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libapr1-1.3.3-11.18.19.13.2.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libapr1-1.3.3-11.18.19.13.2.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libapr1-1.3.3-11.18.19.13.2.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libapr1-1.3.3-11.18.19.13.2.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libapr1-32bit-1.3.3-11.18.19.13.2.ppc64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libapr1-1.3.3-11.18.19.13.2.i586",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libapr1-1.3.3-11.18.19.13.2.x86_64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libapr1-devel-1.3.3-11.18.19.13.2.i586",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libapr1-devel-1.3.3-11.18.19.13.2.ia64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libapr1-devel-1.3.3-11.18.19.13.2.ppc64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libapr1-devel-1.3.3-11.18.19.13.2.s390x",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libapr1-devel-1.3.3-11.18.19.13.2.x86_64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libapr1-devel-32bit-1.3.3-11.18.19.13.2.ppc64",
          "SUSE Studio Onsite 1.3:libapr1-devel-1.3.3-11.18.19.13.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-12613",
          "url": "https://www.suse.com/security/cve/CVE-2017-12613"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1064982 for CVE-2017-12613",
          "url": "https://bugzilla.suse.com/1064982"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1190072 for CVE-2017-12613",
          "url": "https://bugzilla.suse.com/1190072"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11 SP4:libapr1-1.3.3-11.18.19.13.2.i586",
            "SUSE Linux Enterprise Server 11 SP4:libapr1-1.3.3-11.18.19.13.2.ia64",
            "SUSE Linux Enterprise Server 11 SP4:libapr1-1.3.3-11.18.19.13.2.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libapr1-1.3.3-11.18.19.13.2.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libapr1-1.3.3-11.18.19.13.2.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libapr1-32bit-1.3.3-11.18.19.13.2.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libapr1-1.3.3-11.18.19.13.2.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libapr1-1.3.3-11.18.19.13.2.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libapr1-1.3.3-11.18.19.13.2.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libapr1-1.3.3-11.18.19.13.2.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libapr1-1.3.3-11.18.19.13.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libapr1-32bit-1.3.3-11.18.19.13.2.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libapr1-1.3.3-11.18.19.13.2.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libapr1-1.3.3-11.18.19.13.2.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libapr1-devel-1.3.3-11.18.19.13.2.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libapr1-devel-1.3.3-11.18.19.13.2.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libapr1-devel-1.3.3-11.18.19.13.2.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libapr1-devel-1.3.3-11.18.19.13.2.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libapr1-devel-1.3.3-11.18.19.13.2.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libapr1-devel-32bit-1.3.3-11.18.19.13.2.ppc64",
            "SUSE Studio Onsite 1.3:libapr1-devel-1.3.3-11.18.19.13.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.4,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 11 SP4:libapr1-1.3.3-11.18.19.13.2.i586",
            "SUSE Linux Enterprise Server 11 SP4:libapr1-1.3.3-11.18.19.13.2.ia64",
            "SUSE Linux Enterprise Server 11 SP4:libapr1-1.3.3-11.18.19.13.2.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libapr1-1.3.3-11.18.19.13.2.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libapr1-1.3.3-11.18.19.13.2.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libapr1-32bit-1.3.3-11.18.19.13.2.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libapr1-1.3.3-11.18.19.13.2.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libapr1-1.3.3-11.18.19.13.2.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libapr1-1.3.3-11.18.19.13.2.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libapr1-1.3.3-11.18.19.13.2.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libapr1-1.3.3-11.18.19.13.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libapr1-32bit-1.3.3-11.18.19.13.2.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libapr1-1.3.3-11.18.19.13.2.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libapr1-1.3.3-11.18.19.13.2.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libapr1-devel-1.3.3-11.18.19.13.2.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libapr1-devel-1.3.3-11.18.19.13.2.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libapr1-devel-1.3.3-11.18.19.13.2.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libapr1-devel-1.3.3-11.18.19.13.2.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libapr1-devel-1.3.3-11.18.19.13.2.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libapr1-devel-32bit-1.3.3-11.18.19.13.2.ppc64",
            "SUSE Studio Onsite 1.3:libapr1-devel-1.3.3-11.18.19.13.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-05-16T19:38:25Z",
          "details": "low"
        }
      ],
      "title": "CVE-2017-12613"
    }
  ]
}

CVE-2017-12613 (GCVE-0-2017-12613)

Vulnerability from cvelistv5 – Published: 2017-10-24 01:00 – Updated: 2024-08-05 18:43

Summary

When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program termination, and may represent an information disclosure or denial of service vulnerability to applications which call these APR functions with unvalidated external input.

Severity ?

No CVSS data available.

CWE

Assigner

apache

References

URL

Tags

	https://lists.debian.org/debian-lts-announce/2017…	mailing-listx_refsource_MLIST
	https://access.redhat.com/errata/RHSA-2018:0316	vendor-advisoryx_refsource_REDHAT
	https://svn.apache.org/viewvc?view=revision&revis…	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1042004	vdb-entryx_refsource_SECTRACK
	https://access.redhat.com/errata/RHSA-2017:3475	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:0465	vendor-advisoryx_refsource_REDHAT
	http://www.apache.org/dist/apr/Announcement1.x.html	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2017:3270	vendor-advisoryx_refsource_REDHAT
	https://lists.apache.org/thread.html/12489f2e4a9f…	mailing-listx_refsource_MLIST
	https://access.redhat.com/errata/RHSA-2017:3476	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1253	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2017:3477	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:0466	vendor-advisoryx_refsource_REDHAT
	http://www.securityfocus.com/bid/101560	vdb-entryx_refsource_BID
	https://lists.apache.org/thread.html/rcc48a0acebb…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/r270dd5022db…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/ra2868b53339…	mailing-listx_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2021/08/23/1	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/rb1f3c85f50f…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/ra38094406cc…	mailing-listx_refsource_MLIST
	https://lists.debian.org/debian-lts-announce/2022…	mailing-listx_refsource_MLIST

Impacted products

	Vendor	Product	Version
	Apache Software Foundation	Apache Portable Runtime	Affected: 1.6.2 and prior

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T18:43:56.151Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[debian-lts-announce] 20171106 [SECURITY] [DLA 1162-1] apr security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00005.html"
          },
          {
            "name": "RHSA-2018:0316",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0316"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://svn.apache.org/viewvc?view=revision\u0026revision=1807976"
          },
          {
            "name": "1042004",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1042004"
          },
          {
            "name": "RHSA-2017:3475",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3475"
          },
          {
            "name": "RHSA-2018:0465",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0465"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.apache.org/dist/apr/Announcement1.x.html"
          },
          {
            "name": "RHSA-2017:3270",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3270"
          },
          {
            "name": "[announce] 20171023 Apache Portable Runtime APR 1.6.3, APR-util 1.6.1 and APR-iconv 1.2.2 Released",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/12489f2e4a9f9d390235c16298aca0d20658789de80d553513977f13%40%3Cannounce.apache.org%3E"
          },
          {
            "name": "RHSA-2017:3476",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3476"
          },
          {
            "name": "RHSA-2018:1253",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1253"
          },
          {
            "name": "RHSA-2017:3477",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3477"
          },
          {
            "name": "RHSA-2018:0466",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0466"
          },
          {
            "name": "101560",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/101560"
          },
          {
            "name": "[apr-commits] 20210816 svn commit: r1892358 - /apr/apr/branches/1.7.x/CHANGES",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rcc48a0acebbd74bbdeebc02ff228bb72c0631b21823fffe27d4691e9%40%3Ccommits.apr.apache.org%3E"
          },
          {
            "name": "[apr-commits] 20210820 svn commit: r49582 - /release/apr/patches/apr-1.7.0-CVE-2021-35940.patch",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r270dd5022db194b78acaf509216a33c85f3da43757defa05cc766339%40%3Ccommits.apr.apache.org%3E"
          },
          {
            "name": "[apr-dev] 20210823 CVE-2021-35940: Apache Portable Runtime (APR): Regression of CVE-2017-12613",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ra2868b53339a6af65577146ad87016368c138388b09bff9d2860f50e%40%3Cdev.apr.apache.org%3E"
          },
          {
            "name": "[oss-security] 20210823 CVE-2021-35940: Apache Portable Runtime (APR): Regression of CVE-2017-12613",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/08/23/1"
          },
          {
            "name": "[announce] 20210823 CVE-2021-35940: Apache Portable Runtime (APR): Regression of CVE-2017-12613",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rb1f3c85f50fbd924a0051675118d1609e57957a02ece7facb723155b%40%3Cannounce.apache.org%3E"
          },
          {
            "name": "[apr-dev] 20210916 Re: CVE-2021-35940: Apache Portable Runtime (APR): Regression of CVE-2017-12613",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ra38094406cc38a05218ebd1158187feda021b0c3a1df400bbf296af8%40%3Cdev.apr.apache.org%3E"
          },
          {
            "name": "[debian-lts-announce] 20220124 [SECURITY] [DLA 2897-1] apr security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00023.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache Portable Runtime",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "status": "affected",
              "version": "1.6.2 and prior"
            }
          ]
        }
      ],
      "datePublic": "2017-10-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program termination, and may represent an information disclosure or denial of service vulnerability to applications which call these APR functions with unvalidated external input."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-01-25T01:06:07",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "name": "[debian-lts-announce] 20171106 [SECURITY] [DLA 1162-1] apr security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00005.html"
        },
        {
          "name": "RHSA-2018:0316",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0316"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://svn.apache.org/viewvc?view=revision\u0026revision=1807976"
        },
        {
          "name": "1042004",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1042004"
        },
        {
          "name": "RHSA-2017:3475",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3475"
        },
        {
          "name": "RHSA-2018:0465",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0465"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.apache.org/dist/apr/Announcement1.x.html"
        },
        {
          "name": "RHSA-2017:3270",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3270"
        },
        {
          "name": "[announce] 20171023 Apache Portable Runtime APR 1.6.3, APR-util 1.6.1 and APR-iconv 1.2.2 Released",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/12489f2e4a9f9d390235c16298aca0d20658789de80d553513977f13%40%3Cannounce.apache.org%3E"
        },
        {
          "name": "RHSA-2017:3476",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3476"
        },
        {
          "name": "RHSA-2018:1253",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1253"
        },
        {
          "name": "RHSA-2017:3477",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3477"
        },
        {
          "name": "RHSA-2018:0466",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0466"
        },
        {
          "name": "101560",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/101560"
        },
        {
          "name": "[apr-commits] 20210816 svn commit: r1892358 - /apr/apr/branches/1.7.x/CHANGES",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rcc48a0acebbd74bbdeebc02ff228bb72c0631b21823fffe27d4691e9%40%3Ccommits.apr.apache.org%3E"
        },
        {
          "name": "[apr-commits] 20210820 svn commit: r49582 - /release/apr/patches/apr-1.7.0-CVE-2021-35940.patch",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r270dd5022db194b78acaf509216a33c85f3da43757defa05cc766339%40%3Ccommits.apr.apache.org%3E"
        },
        {
          "name": "[apr-dev] 20210823 CVE-2021-35940: Apache Portable Runtime (APR): Regression of CVE-2017-12613",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/ra2868b53339a6af65577146ad87016368c138388b09bff9d2860f50e%40%3Cdev.apr.apache.org%3E"
        },
        {
          "name": "[oss-security] 20210823 CVE-2021-35940: Apache Portable Runtime (APR): Regression of CVE-2017-12613",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/08/23/1"
        },
        {
          "name": "[announce] 20210823 CVE-2021-35940: Apache Portable Runtime (APR): Regression of CVE-2017-12613",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rb1f3c85f50fbd924a0051675118d1609e57957a02ece7facb723155b%40%3Cannounce.apache.org%3E"
        },
        {
          "name": "[apr-dev] 20210916 Re: CVE-2021-35940: Apache Portable Runtime (APR): Regression of CVE-2017-12613",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/ra38094406cc38a05218ebd1158187feda021b0c3a1df400bbf296af8%40%3Cdev.apr.apache.org%3E"
        },
        {
          "name": "[debian-lts-announce] 20220124 [SECURITY] [DLA 2897-1] apr security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00023.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2017-12613",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Apache Portable Runtime",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "1.6.2 and prior"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apache Software Foundation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program termination, and may represent an information disclosure or denial of service vulnerability to applications which call these APR functions with unvalidated external input."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[debian-lts-announce] 20171106 [SECURITY] [DLA 1162-1] apr security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00005.html"
            },
            {
              "name": "RHSA-2018:0316",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0316"
            },
            {
              "name": "https://svn.apache.org/viewvc?view=revision\u0026revision=1807976",
              "refsource": "CONFIRM",
              "url": "https://svn.apache.org/viewvc?view=revision\u0026revision=1807976"
            },
            {
              "name": "1042004",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1042004"
            },
            {
              "name": "RHSA-2017:3475",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3475"
            },
            {
              "name": "RHSA-2018:0465",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0465"
            },
            {
              "name": "http://www.apache.org/dist/apr/Announcement1.x.html",
              "refsource": "CONFIRM",
              "url": "http://www.apache.org/dist/apr/Announcement1.x.html"
            },
            {
              "name": "RHSA-2017:3270",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3270"
            },
            {
              "name": "[announce] 20171023 Apache Portable Runtime APR 1.6.3, APR-util 1.6.1 and APR-iconv 1.2.2 Released",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/12489f2e4a9f9d390235c16298aca0d20658789de80d553513977f13%40%3Cannounce.apache.org%3E"
            },
            {
              "name": "RHSA-2017:3476",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3476"
            },
            {
              "name": "RHSA-2018:1253",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1253"
            },
            {
              "name": "RHSA-2017:3477",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3477"
            },
            {
              "name": "RHSA-2018:0466",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0466"
            },
            {
              "name": "101560",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/101560"
            },
            {
              "name": "[apr-commits] 20210816 svn commit: r1892358 - /apr/apr/branches/1.7.x/CHANGES",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rcc48a0acebbd74bbdeebc02ff228bb72c0631b21823fffe27d4691e9@%3Ccommits.apr.apache.org%3E"
            },
            {
              "name": "[apr-commits] 20210820 svn commit: r49582 - /release/apr/patches/apr-1.7.0-CVE-2021-35940.patch",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r270dd5022db194b78acaf509216a33c85f3da43757defa05cc766339@%3Ccommits.apr.apache.org%3E"
            },
            {
              "name": "[apr-dev] 20210823 CVE-2021-35940: Apache Portable Runtime (APR): Regression of CVE-2017-12613",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/ra2868b53339a6af65577146ad87016368c138388b09bff9d2860f50e@%3Cdev.apr.apache.org%3E"
            },
            {
              "name": "[oss-security] 20210823 CVE-2021-35940: Apache Portable Runtime (APR): Regression of CVE-2017-12613",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/08/23/1"
            },
            {
              "name": "[announce] 20210823 CVE-2021-35940: Apache Portable Runtime (APR): Regression of CVE-2017-12613",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rb1f3c85f50fbd924a0051675118d1609e57957a02ece7facb723155b@%3Cannounce.apache.org%3E"
            },
            {
              "name": "[apr-dev] 20210916 Re: CVE-2021-35940: Apache Portable Runtime (APR): Regression of CVE-2017-12613",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/ra38094406cc38a05218ebd1158187feda021b0c3a1df400bbf296af8@%3Cdev.apr.apache.org%3E"
            },
            {
              "name": "[debian-lts-announce] 20220124 [SECURITY] [DLA 2897-1] apr security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00023.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2017-12613",
    "datePublished": "2017-10-24T01:00:00",
    "dateReserved": "2017-08-07T00:00:00",
    "dateUpdated": "2024-08-05T18:43:56.151Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

SUSE-SU-2018:1322-1

CVE-2017-12613 (GCVE-0-2017-12613)

Tags

Sightings

Nomenclature