CVSS: 9.8EPSS: 7%CPEs: 2EXPL: 0CVE-2022-28331 – Apache Portable Runtime (APR): Windows out-of-bounds write in apr_socket_sendv function
https://notcve.org/view.php?id=CVE-2022-28331
On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond the end of a stack based buffer in apr_socket_sendv(). This is a result of integer overflow. A flaw was found in Apache Portable Runtime, affecting versions <= 1.7.0. This issue may allow a malicious user to write beyond the end of a stack buffer and cause an integer overflow. This affects Windows environments. • https://lists.apache.org/thread/5pfdfn7h0vsdo5xzjn97vghp0x42jj2r https://access.redhat.com/security/cve/CVE-2022-28331 https://bugzilla.redhat.com/show_bug.cgi?id=2172556 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 4.7EPSS: 0%CPEs: 59EXPL: 0CVE-2017-12618
https://notcve.org/view.php?id=CVE-2017-12618
Apache Portable Runtime Utility (APR-util) 1.6.0 and prior fail to validate the integrity of SDBM database files used by apr_sdbm*() functions, resulting in a possible out of bound read access. A local user with write access to the database can make a program or process using these functions crash, and cause a denial of service. Apache Portable Runtime Utility (APR-util) en versiones 1.6.0 y anteriores falla a la hora de validar la integridad de los archivos de la base de datos SDBM utilizados por la función apr_sdbm*(), resultando en un posible acceso de lectura fuera de lÃmites. Un usuario local con acceso de escritura en la base de datos puede hacer que un programa o proceso que utilicen estas funciones se cierren de manera inesperada y provocque una denegación de servicio (DoS). • http://mail-archives.apache.org/mod_mbox/apr-dev/201710.mbox/%3CCACsi252POs4toeJJciwg09_eu2cO3XFg%3DUqsPjXsfjDoeC3-UQ%40mail.gmail.com%3E http://www.securityfocus.com/bid/101558 http://www.securitytracker.com/id/1042004 https://lists.debian.org/debian-lts-announce/2017/11/msg00006.html • CWE-125: Out-of-bounds Read •
CVSS: 7.4EPSS: 0%CPEs: 33EXPL: 0CVE-2017-12613 – apr: Out-of-bounds array deref in apr_time_exp*() functions
https://notcve.org/view.php?id=CVE-2017-12613
When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program termination, and may represent an information disclosure or denial of service vulnerability to applications which call these APR functions with unvalidated external input. Cuando las funciones apr_time_exp*() o apr_os_exp_time*() se invocan con un valor del campo no válido en Apache Portable Runtime APR 1.6.2 y anteriores, se podría acceder a la memoria fuera de límites convirtiendo este valor en un valor apr_time_exp_t, revelando potencialmente el contenido de otro valor de memoria dinámica estática. También podría desembocar en la terminación del programa, representando una vulnerabilidad de divulgación de información o de denegación de servicio en aplicaciones que llaman a esas funciones APR con entradas externas no validadas. An out-of-bounds array dereference was found in apr_time_exp_get(). An attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to data leak. • http://www.apache.org/dist/apr/Announcement1.x.html http://www.openwall.com/lists/oss-security/2021/08/23/1 http://www.securityfocus.com/bid/101560 http://www.securitytracker.com/id/1042004 https://access.redhat.com/errata/RHSA-2017:3270 https://access.redhat.com/errata/RHSA-2017:3475 https://access.redhat.com/errata/RHSA-2017:3476 https://access.redhat.com/errata/RHSA-2017:3477 https://access.redhat.com/errata/RHSA-2018:0316 https://access.redhat.com/errata/RHSA • CWE-125: Out-of-bounds Read •
CVSS: 5.0EPSS: 0%CPEs: 35EXPL: 1CVE-2012-0840 – Apache APR - Hash Collision Denial of Service
https://notcve.org/view.php?id=CVE-2012-0840
tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. tables/apr_hash.c en la librería Apache Portable Runtime (APR) hasta v1.4.5 procesa las colisiones Hash de forma predecible, lo que permite a atacantes dependiendo del contexto provocar una denegación de servicio (consumo de CPU) a través de una entrada manipulada sobre una aplicación que mantiene una tabla hash. • https://www.exploit-db.com/exploits/36669 http://mail-archives.apache.org/mod_mbox/apr-commits/201201.mbox/%3C20120115003715.071D423888FD%40eris.apache.org%3E http://openwall.com/lists/oss-security/2012/02/08/3 http://openwall.com/lists/oss-security/2012/02/09/1 http://secunia.com/advisories/47862 http://svn.apache.org/viewvc?rev=1231605&view=rev http://www.mail-archive.com/dev%40apr.apache.org/msg24439.html http://www.mail-archive.com/dev%40apr.apache.org/msg24472.html& • CWE-20: Improper Input Validation •