'[oss-security] CVE-2022-25147: Apache Portable Runtime (APR): out-of-bounds writes in the apr_base64'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] CVE-2022-25147: Apache Portable Runtime (APR): out-of-bounds writes in the apr_base64
From:       Eric Covener <covener () apache ! org>
Date:       2023-01-31 15:13:06
Message-ID: 76996523-6b4d-c462-9ae9-9f3d1bbc8b2e () apache ! org
[Download RAW message or body]

Severity: moderate

Description:

Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime \
Utility (APR-util) allows an attacker to write beyond bounds of a buffer.\nThis issue affects \
Apache Portable Runtime Utility (APR-util) 1.6.1 and prior versions.

Credit:

Ronald Crane (Zippenhop LLC) (reporter)

References:

https://apr.apache.org/
https://www.cve.org/CVERecord?id=CVE-2022-25147

[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic