PT-2023-9004 · Apache+10 · Apr-Util+10

Ronald Crane · Published 2023-01-31 · Updated 2024-10-15 · CVE-2022-25147

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Name of the Vulnerable Software and Affected Versions

Apache Portable Runtime Utility (APR-util) version 1.6.1 and earlier.

Description

The issue is an Integer Overflow or Wraparound vulnerability in the apr_base64 functions of Apache Portable Runtime Utility (APR-util) that allows an attacker to write beyond the bounds of a buffer. This can potentially enable a remote attacker to execute arbitrary code.

Recommendations

For Apache Portable Runtime Utility (APR-util) version 1.6.1 and earlier, update to a version later than 1.6.1 to resolve the issue. As a temporary workaround, consider restricting access to the apr_base64 functions to minimize the risk of exploitation.

Fix

Integer Overflow


Weakness Enumeration

Related Identifiers

ALSA-2023:3109
ALSA-2023:3147
ALT-PU-2024-13344
ALT-PU-2024-13348
ALT-PU-2024-13594
AZL-13212
BDU:2024-02969
CESA-2023_3109
CESA-2023_3145
CVE-2022-25147
DLA-3332-1
DSA-5364-1
MGASA-2023-0045
OESA-2023-1105
OESA-2023-1108
OPENSUSE-SU-2023_0389-1
OPENSUSE-SU-2024:12656-1
RHSA-2023:3109
RHSA-2023:3145
RHSA-2023:3146
RHSA-2023:3147
RHSA-2023:3177
RHSA-2023:3178
RHSA-2023:3354
RHSA-2023:3360
RHSA-2023:3380
RHSA-2023_3109
RHSA-2023_3145
RHSA-2023_3147
RLSA-2023:3109
RLSA-2023:3147
ROSA-SA-2023-2175
SUSE-SU-2023:0324-1
SUSE-SU-2023:0325-1
SUSE-SU-2023:0337-1
SUSE-SU-2023:0338-1
SUSE-SU-2023:0389-1
SUSE-SU-2023_0324-1
SUSE-SU-2023_0325-1
SUSE-SU-2023_0337-1
SUSE-SU-2023_0338-1
SUSE-SU-2023_0389-1
USN-5870-1

Affected Products

ALT Linux
Apr-Util
AlmaLinux
Astra Linux
CentOS
Linux Mint
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu