PT-2021-21068 · Apache+2 · Apache Portable Runtime+2

Published

2021-08-23

Updated

2025-12-10

CVE-2021-35940

CVSS v3.1

7.1

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Apache Portable Runtime versions 1.7.0 Apache Portable Runtime versions prior to 1.6.3

Description: The issue is related to an out-of-bounds array read in the apr time exp*() functions. This problem was previously fixed in the Apache Portable Runtime 1.6.3 release, but the fix was not applied to the APR 1.7.x branch, causing version 1.7.0 to be vulnerable.

Recommendations: For Apache Portable Runtime version 1.7.0, consider updating to a version that includes the fix for the out-of-bounds array read issue. For Apache Portable Runtime versions prior to 1.6.3, update to version 1.6.3 or later to resolve the issue.

Fix

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALT-PU-2024-15150

ALT-PU-2025-15436

BIT-APR-2021-35940

CVE-2021-35940

MGASA-2021-0428

OPENSUSE-SU-2024:11865-1

USN-5056-1

Affected Products

Alt Linux

Apache Portable Runtime

Ubuntu

PT-2021-21068 · Apache+2 · Apache Portable Runtime+2

CVE-2021-35940

Weakness Enumeration

Related Identifiers

Affected Products

References · 42