PT-2023-8451 · Apache+5 · Apache Portable Runtime+5

Ronald Crane · Published 2023-01-31 · Updated 2025-01-20 · CVE-2022-24963

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Apache Portable Runtime (APR) version 1.7.0

Description: The issue is related to an Integer Overflow or Wraparound vulnerability in the apr encode functions of Apache Portable Runtime (APR), allowing an attacker to write beyond the bounds of a buffer. This can potentially enable a remote attacker to execute arbitrary code.

Recommendations: For Apache Portable Runtime (APR) version 1.7.0, update to a version that fixes the Integer Overflow or Wraparound vulnerability in the apr encode functions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Integer Overflow

Weakness Enumeration

Related Identifiers

ALSA-2023:7711
ALT-PU-2024-15150
AZL-13226
AZL-34546
BDU:2024-00850
BIT-APR-2022-24963
CVE-2022-24963
DSA-5370-1
INFSA-2023_7711
MGASA-2023-0063
OESA-2023-1095
OESA-2023-1096
OESA-2023-1117
OESA-2023-1118
OPENSUSE-SU-2024:12655-1
RHSA-2023:4629
RHSA-2023:4909
RHSA-2023:7711
RHSA-2023_7711
RLSA-2023:7711
USN-5885-1

Affected Products

Alt Linux
Almalinux
Apache Portable Runtime
Linuxmint
Red Hat
Ubuntu