PT-2017-4213 · Apache+4 · Apache Portable Runtime+4

Published: 2017-10-24 · Updated: 2024-11-07 · CVE-2017-12613

CVSS v3.1: 7.1 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Apache Portable Runtime (APR) versions 1.6.2 and prior

Description

The issue is related to the apr_time_exp*() and apr_os_exp_time*() functions in the Apache Portable Runtime (APR). When these functions are invoked with an invalid month field value, out-of-bounds memory may be accessed, potentially revealing the contents of a different static heap value or resulting in program termination. This may represent an information disclosure or denial of service vulnerability to applications that call these APR functions with unvalidated external input.

Recommendations

For Apache Portable Runtime (APR) versions 1.6.2 and prior, consider updating to a newer version to mitigate the risk. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
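
A caller-side check for the case the description names, external input reaching these functions unvalidated. This is an added example, not APR's own code: exp_time is a stand-in struct assumed to mirror the date fields of apr_time_exp_t, and the helper names are hypothetical.

```c
#include <stdint.h>

/* Stand-in for the date fields of apr_time_exp_t (assumption: same names and
 * ranges as struct tm: tm_mon is 0-11, tm_year is years since 1900). */
typedef struct {
    int32_t tm_sec, tm_min, tm_hour, tm_mday, tm_mon, tm_year;
} exp_time;

enum { EXP_OK = 0, EXP_BAD_MONTH, EXP_BAD_DAY, EXP_BAD_CLOCK };

static int is_leap(int64_t year) {
    return (year % 4 == 0 && year % 100 != 0) || year % 400 == 0;
}

/* Hypothetical helper: reject an exploded time whose month would index
 * outside a 12-entry month table, or whose fields name a non-existent
 * calendar day or clock time. Call it before handing the struct on. */
int exp_time_validate(const exp_time *xt) {
    static const int days_in_month[12] =
        {31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31};
    int dim;

    /* The month check comes first: it guards the table lookup below. */
    if (xt->tm_mon < 0 || xt->tm_mon >= 12)
        return EXP_BAD_MONTH;
    dim = days_in_month[xt->tm_mon];
    if (xt->tm_mon == 1 && is_leap((int64_t)xt->tm_year + 1900))
        dim = 29;
    if (xt->tm_mday < 1 || xt->tm_mday > dim)
        return EXP_BAD_DAY;
    if (xt->tm_hour < 0 || xt->tm_hour > 23 ||
        xt->tm_min < 0 || xt->tm_min > 59 ||
        xt->tm_sec < 0 || xt->tm_sec > 60)   /* 60 permits a leap second */
        return EXP_BAD_CLOCK;
    return EXP_OK;
}

/* Convenience wrapper: build an exploded date from a calendar year,
 * a 0-based month and a day of month, then validate it. */
int exp_time_check(int year, int mon, int mday) {
    exp_time xt = {0, 0, 0, mday, mon, year - 1900};
    return exp_time_validate(&xt);
}
```
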

DoS

Out of bounds Read

Weakness Enumeration

Related Identifiers

ALT-PU-2019-2663
ALT-PU-2024-14982
BDU:2022-05946
CESA-2017_3270
CVE-2017-12613
DLA-1162-1
DLA-2897-1
MGASA-2017-0417
OESA-2021-1096
OESA-2021-1097
RHSA-2017:3270
RHSA-2017:3476
RHSA-2017:3477
RHSA-2017_3270
RHSA-2018:0316
RHSA-2018:0466
RHSA-2018:1253
SUSE-SU-2018:1196-1
SUSE-SU-2018:1322-1
SUSE-SU-2018_1196-1
SUSE-SU-2018_1322-1

Affected Products

Alt Linux
Apache Portable Runtime
CentOS
Red Hat
SUSE