3 results (0.033 seconds)

CVSS: 9.8EPSS: 7%CPEs: 2EXPL: 0

On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond the end of a stack based buffer in apr_socket_sendv(). This is a result of integer overflow. A flaw was found in Apache Portable Runtime, affecting versions <= 1.7.0. This issue may allow a malicious user to write beyond the end of a stack buffer and cause an integer overflow. This affects Windows environments. • https://lists.apache.org/thread/5pfdfn7h0vsdo5xzjn97vghp0x42jj2r https://access.redhat.com/security/cve/CVE-2022-28331 https://bugzilla.redhat.com/show_bug.cgi?id=2172556 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •

CVSS: 7.4EPSS: 0%CPEs: 33EXPL: 0

When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program termination, and may represent an information disclosure or denial of service vulnerability to applications which call these APR functions with unvalidated external input. Cuando las funciones apr_time_exp*() o apr_os_exp_time*() se invocan con un valor del campo no válido en Apache Portable Runtime APR 1.6.2 y anteriores, se podría acceder a la memoria fuera de límites convirtiendo este valor en un valor apr_time_exp_t, revelando potencialmente el contenido de otro valor de memoria dinámica estática. También podría desembocar en la terminación del programa, representando una vulnerabilidad de divulgación de información o de denegación de servicio en aplicaciones que llaman a esas funciones APR con entradas externas no validadas. An out-of-bounds array dereference was found in apr_time_exp_get(). An attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to data leak. • http://www.apache.org/dist/apr/Announcement1.x.html http://www.openwall.com/lists/oss-security/2021/08/23/1 http://www.securityfocus.com/bid/101560 http://www.securitytracker.com/id/1042004 https://access.redhat.com/errata/RHSA-2017:3270 https://access.redhat.com/errata/RHSA-2017:3475 https://access.redhat.com/errata/RHSA-2017:3476 https://access.redhat.com/errata/RHSA-2017:3477 https://access.redhat.com/errata/RHSA-2018:0316 https://access.redhat.com/errata/RHSA • CWE-125: Out-of-bounds Read •

CVSS: 5.0EPSS: 1%CPEs: 35EXPL: 1

tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. tables/apr_hash.c en la librería Apache Portable Runtime (APR) hasta v1.4.5 procesa las colisiones Hash de forma predecible, lo que permite a atacantes dependiendo del contexto provocar una denegación de servicio (consumo de CPU) a través de una entrada manipulada sobre una aplicación que mantiene una tabla hash. • https://www.exploit-db.com/exploits/36669 http://mail-archives.apache.org/mod_mbox/apr-commits/201201.mbox/%3C20120115003715.071D423888FD%40eris.apache.org%3E http://openwall.com/lists/oss-security/2012/02/08/3 http://openwall.com/lists/oss-security/2012/02/09/1 http://secunia.com/advisories/47862 http://svn.apache.org/viewvc?rev=1231605&view=rev http://www.mail-archive.com/dev%40apr.apache.org/msg24439.html http://www.mail-archive.com/dev%40apr.apache.org/msg24472.html& • CWE-20: Improper Input Validation •