CVE-2023-49582 – Apache Portable Runtime (APR): Unexpected lax shared memory permissions
https://notcve.org/view.php?id=CVE-2023-49582
Lax permissions set by the Apache Portable Runtime library on Unix platforms would allow local users read access to named shared memory segments, potentially revealing sensitive application data. This issue does not affect non-Unix platforms, or builds with APR_USE_SHMEM_SHMGET=1 (apr.h) Users are recommended to upgrade to APR version 1.7.5, which fixes this issue. • https://lists.apache.org/thread/sntjc04t1rvjhdzz2tzmtz2zdnmv7dc4 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2022-28331 – Apache Portable Runtime (APR): Windows out-of-bounds write in apr_socket_sendv function
https://notcve.org/view.php?id=CVE-2022-28331
On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond the end of a stack based buffer in apr_socket_sendv(). This is a result of integer overflow. A flaw was found in Apache Portable Runtime, affecting versions <= 1.7.0. This issue may allow a malicious user to write beyond the end of a stack buffer and cause an integer overflow. This affects Windows environments. • https://lists.apache.org/thread/5pfdfn7h0vsdo5xzjn97vghp0x42jj2r https://access.redhat.com/security/cve/CVE-2022-28331 https://bugzilla.redhat.com/show_bug.cgi?id=2172556 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVE-2022-25147 – Apache Portable Runtime Utility (APR-util): out-of-bounds writes in the apr_base64 family of functions
https://notcve.org/view.php?id=CVE-2022-25147
Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime Utility (APR-util) 1.6.1 and prior versions. Vulnerabilidad de desbordamiento de enteros o envoltura en las funciones apr_base64 de Apache Portable Runtime Utility (APR-util) permite a un atacante escribir más allá de los límites de un búfer. Este problema afecta a Apache Portable Runtime Utility (APR-util) 1.6.1 y versiones anteriores. A flaw was found in the Apache Portable Runtime Utility (APR-util) library. This issue may allow a malicious attacker to cause an out-of-bounds write due to an integer overflow when encoding/decoding a very long string using the base64 family of functions. • https://lists.apache.org/thread/np5gjqlohc4f62lr09vrn61vl44cylh8 https://security.netapp.com/advisory/ntap-20240315-0001 https://access.redhat.com/security/cve/CVE-2022-25147 https://bugzilla.redhat.com/show_bug.cgi?id=2169652 • CWE-190: Integer Overflow or Wraparound •
CVE-2022-24963 – Apache Portable Runtime (APR): out-of-bound writes in the apr_encode family of functions
https://notcve.org/view.php?id=CVE-2022-24963
Integer Overflow or Wraparound vulnerability in apr_encode functions of Apache Portable Runtime (APR) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime (APR) version 1.7.0. A flaw was found in Apache Portable Runtime (APR). This issue may allow a malicious attacker to write beyond the bounds of a buffer. • https://lists.apache.org/thread/fw9p6sdncwsjkstwc066vz57xqzfksq9 https://security.netapp.com/advisory/ntap-20230908-0008 https://access.redhat.com/security/cve/CVE-2022-24963 https://bugzilla.redhat.com/show_bug.cgi?id=2169465 • CWE-190: Integer Overflow or Wraparound •
CVE-2021-35940 – Regression of CVE-2017-12613
https://notcve.org/view.php?id=CVE-2021-35940
An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix for this issue was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 regressed compared to 1.6.3 and is vulnerable to the same issue. Se ha corregido una lectura de matrices fuera de límites en la función apr_time_exp*() en Apache Portable Runtime versión 1.6.3 (CVE-2017-12613). La corrección de este problema no se trasladó a la rama APR versión 1.7.x, por lo que la versión 1.7.0 retrocedió en comparación con la versión 1.6.3 y es vulnerable al mismo problema. • http://mail-archives.apache.org/mod_mbox/www-announce/201710.mbox/%3CCACsi251B8UaLvM-rrH9fv57-zWi0zhyF3275_jPg1a9VEVVoxw%40mail.gmail.com%3E http://svn.apache.org/viewvc?view=revision&revision=1891198 http://www.openwall.com/lists/oss-security/2021/08/23/1 https://dist.apache.org/repos/dist/release/apr/patches/apr-1.7.0-CVE-2021-35940.patch https://lists.apache.org/thread.html/r1c788464a25fbc046a72aff451bc8186386315d92a2dd0349903fa4f%40%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/r317c398ee • CWE-125: Out-of-bounds Read •