6 results (0.011 seconds)

CVSS: 9.8EPSS: 7%CPEs: 2EXPL: 0

On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond the end of a stack based buffer in apr_socket_sendv(). This is a result of integer overflow. A flaw was found in Apache Portable Runtime, affecting versions <= 1.7.0. This issue may allow a malicious user to write beyond the end of a stack buffer and cause an integer overflow. This affects Windows environments. • https://lists.apache.org/thread/5pfdfn7h0vsdo5xzjn97vghp0x42jj2r https://access.redhat.com/security/cve/CVE-2022-28331 https://bugzilla.redhat.com/show_bug.cgi?id=2172556 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •

CVSS: 7.4EPSS: 0%CPEs: 33EXPL: 0

When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program termination, and may represent an information disclosure or denial of service vulnerability to applications which call these APR functions with unvalidated external input. Cuando las funciones apr_time_exp*() o apr_os_exp_time*() se invocan con un valor del campo no válido en Apache Portable Runtime APR 1.6.2 y anteriores, se podría acceder a la memoria fuera de límites convirtiendo este valor en un valor apr_time_exp_t, revelando potencialmente el contenido de otro valor de memoria dinámica estática. También podría desembocar en la terminación del programa, representando una vulnerabilidad de divulgación de información o de denegación de servicio en aplicaciones que llaman a esas funciones APR con entradas externas no validadas. An out-of-bounds array dereference was found in apr_time_exp_get(). An attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to data leak. • http://www.apache.org/dist/apr/Announcement1.x.html http://www.openwall.com/lists/oss-security/2021/08/23/1 http://www.securityfocus.com/bid/101560 http://www.securitytracker.com/id/1042004 https://access.redhat.com/errata/RHSA-2017:3270 https://access.redhat.com/errata/RHSA-2017:3475 https://access.redhat.com/errata/RHSA-2017:3476 https://access.redhat.com/errata/RHSA-2017:3477 https://access.redhat.com/errata/RHSA-2018:0316 https://access.redhat.com/errata/RHSA • CWE-125: Out-of-bounds Read •

CVSS: 5.0EPSS: 1%CPEs: 35EXPL: 1

tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. tables/apr_hash.c en la librería Apache Portable Runtime (APR) hasta v1.4.5 procesa las colisiones Hash de forma predecible, lo que permite a atacantes dependiendo del contexto provocar una denegación de servicio (consumo de CPU) a través de una entrada manipulada sobre una aplicación que mantiene una tabla hash. • https://www.exploit-db.com/exploits/36669 http://mail-archives.apache.org/mod_mbox/apr-commits/201201.mbox/%3C20120115003715.071D423888FD%40eris.apache.org%3E http://openwall.com/lists/oss-security/2012/02/08/3 http://openwall.com/lists/oss-security/2012/02/09/1 http://secunia.com/advisories/47862 http://svn.apache.org/viewvc?rev=1231605&view=rev http://www.mail-archive.com/dev%40apr.apache.org/msg24439.html http://www.mail-archive.com/dev%40apr.apache.org/msg24472.html& • CWE-20: Improper Input Validation •

CVSS: 4.3EPSS: 96%CPEs: 13EXPL: 3

Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd. Vulnerabilidad de agotamiento de pila en la función fnmatch implementada en apr_fnmatch.c en la librería de Apache Portable Runtime (APR) anterior a v1.4.3 y en Apache HTTP Server anterior a v2.2.18, y en fnmatch.c en libc en NetBSD v5.1, OpenBSD v4.8, FreeBSD, Apple Mac OS X v10.6, Oracle Solaris 10, y Android permite a atacantes dependientes de contexto provocar una denegación de servicio (consumo de CPU y memoria) a través de secuencias "*?" en el primer argumento, como se demostró con los ataques contra mod_autoindex en httpd. • https://www.exploit-db.com/exploits/35738 http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gen/fnmatch.c#rev1.22 http://cxib.net/stuff/apache.fnmatch.phps http://cxib.net/stuff/apr_fnmatch.txts http://httpd.apache.org/security/vulnerabilities_22.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html http://marc.info/?l=bugtraq&m=131551295528105&w=2 http://marc.info/&# • CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 7.5EPSS: 33%CPEs: 2EXPL: 0

The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs. La opción pollset de Solaris en el backend Event Port en poll/unix/port.c en la librería Apache Portable Runtime (APR) anterior v1.3.9, como los usados en Apache HTTP Server atenrior v2.2.14 y otros productos, no manejan adecuadamente los errores, lo que permite a atacantes remotos causar una denegación de servicio (bloqueo del demonio) a través de peticiones HTTP no especificadas, relativas el prefork y eventos MPMs. • http://marc.info/?l=bugtraq&m=133355494609819&w=2 http://securitytracker.com/id?1022988 http://www.apache.org/dist/httpd/CHANGES_2.2.14 http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html http://www.securityfocus.com/bid/36596 https://exchange.xforce.ibmcloud.com/vulnerabilities/53666 https://issues.apache.org/bugzilla/show_bug.cgi?id=47645 https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e • CWE-667: Improper Locking •