PT-2023-9004 · Apache+10 · Apr-Util+10

Ronald Crane · Published 2023-01-31 · Updated 2024-10-15 · CVE-2022-25147

CVSS v3.1: 6.5 Medium
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Name of the Vulnerable Software and Affected Versions

Apache Portable Runtime Utility (APR-util) versions 1.6.1 and prior versions.

Description

An Integer Overflow or Wraparound vulnerability in the apr_base64 functions of Apache Portable Runtime Utility (APR-util) allows an attacker to write beyond the bounds of a buffer. This can potentially enable a remote attacker to execute arbitrary code.

Recommendations

Update Apache Portable Runtime Utility (APR-util) to a version later than 1.6.1 to resolve the issue. As a temporary workaround, consider restricting access to the apr_base64 functions to minimize the risk of exploitation.
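
An added illustration of the bug class named in the Description above (not APR-util source code and not part of the original advisory): a base64 output-size calculation that wraps in a 32-bit type, next to an overflow-checked calculation and an encoder that refuses to write past the destination capacity. All function names are hypothetical, and the 32-bit unsigned formula is a constructed model chosen so the wraparound is well-defined C.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the bug class: the size is computed in a 32-bit type and wraps. */
uint32_t naive_encode_len(uint32_t len)
{
    return (len + 2) / 3 * 4 + 1;              /* 0xC0000000 -> 1 */
}
/* Checked sizing: returns 0 and sets *out, or -1 if the size is not representable. */
int checked_encode_len(size_t len, size_t *out)
{
    size_t groups = len / 3 + (len % 3 != 0);  /* ceil(len / 3) without computing len + 2 */
    if (groups > (SIZE_MAX - 1) / 4) return -1;
    *out = groups * 4 + 1;                     /* 4 chars per group, +1 for the NUL */
    return 0;
}
static const char B64[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
/* Encodes only when dst_cap covers the checked size; returns bytes written (with NUL) or -1. */
long bounded_encode(char *dst, size_t dst_cap, const unsigned char *src, size_t len)
{
    size_t need, i, o = 0;
    if (checked_encode_len(len, &need) != 0 || need > dst_cap) return -1;
    for (i = 0; i + 2 < len; i += 3) {         /* full 3-byte groups */
        dst[o++] = B64[src[i] >> 2];
        dst[o++] = B64[((src[i] & 0x03) << 4) | (src[i + 1] >> 4)];
        dst[o++] = B64[((src[i + 1] & 0x0f) << 2) | (src[i + 2] >> 6)];
        dst[o++] = B64[src[i + 2] & 0x3f];
    }
    if (i < len) {                             /* 1 or 2 trailing bytes, padded with '=' */
        dst[o++] = B64[src[i] >> 2];
        if (i + 1 < len) {
            dst[o++] = B64[((src[i] & 0x03) << 4) | (src[i + 1] >> 4)];
            dst[o++] = B64[(src[i + 1] & 0x0f) << 2];
        } else {
            dst[o++] = B64[(src[i] & 0x03) << 4];
            dst[o++] = '=';
        }
        dst[o++] = '=';
    }
    dst[o] = '\0';
    return (long)(o + 1);
}
int main(void)
{
    char buf[8];                               /* constructed sample input: "Man" */
    printf("naive size for 0xC0000000 input bytes: %u\n", (unsigned)naive_encode_len(0xC0000000u));
    long n = bounded_encode(buf, sizeof buf, (const unsigned char *)"Man", 3);
    printf("bounded_encode wrote %ld bytes: %s\n", n, strcmp(buf, "TWFu") == 0 ? buf : "mismatch");
    return 0;
}
```

The naive calculation reports a 1-byte buffer for a 3 GiB input, which is how an undersized allocation followed by a full-length encode becomes an out-of-bounds write.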

Fix

Integer Overflow

Weakness Enumeration

Related Identifiers

ALSA-2023:3109
ALSA-2023:3147
ALT-PU-2024-13344
ALT-PU-2024-13348
ALT-PU-2024-13594
AZL-13212
BDU:2024-02969
CESA-2023_3109
CESA-2023_3145
CVE-2022-25147
DLA-3332-1
DSA-5364-1
MGASA-2023-0045
OESA-2023-1105
OESA-2023-1108
OPENSUSE-SU-2023_0389-1
OPENSUSE-SU-2024:12656-1
RHSA-2023:3109
RHSA-2023:3145
RHSA-2023:3146
RHSA-2023:3147
RHSA-2023:3177
RHSA-2023:3178
RHSA-2023:3354
RHSA-2023:3360
RHSA-2023:3380
RHSA-2023_3109
RHSA-2023_3145
RHSA-2023_3147
RLSA-2023:3109
RLSA-2023:3147
ROSA-SA-2023-2175
SUSE-SU-2023:0324-1
SUSE-SU-2023:0325-1
SUSE-SU-2023:0337-1
SUSE-SU-2023:0338-1
SUSE-SU-2023:0389-1
SUSE-SU-2023_0324-1
SUSE-SU-2023_0325-1
SUSE-SU-2023_0337-1
SUSE-SU-2023_0338-1
SUSE-SU-2023_0389-1
USN-5870-1

Affected Products

ALT Linux
APR-util
AlmaLinux
Astra Linux
CentOS
Linux Mint
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu