
CVE-2022-28331 – Apache Portable Runtime (APR): Windows out-of-bounds write in apr_socket_sendv function
https://notcve.org/view.php?id=CVE-2022-28331
31 Jan 2023 — On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond the end of a stack-based buffer in apr_socket_sendv(). This is a result of integer overflow. A flaw was found in Apache Portable Runtime, affecting versions <= 1.7.0. This issue may allow a malicious user to write beyond the end of a stack buffer and cause an integer overflow. This affects Windows environments. • https://lists.apache.org/thread/5pfdfn7h0vsdo5xzjn97vghp0x42jj2r • CWE-190: Integer Overflow or Wraparound • CWE-787: Out-of-bounds Write

CVE-2022-24963 – Apache Portable Runtime (APR): out-of-bound writes in the apr_encode family of functions
https://notcve.org/view.php?id=CVE-2022-24963
31 Jan 2023 — Integer Overflow or Wraparound vulnerability in apr_encode functions of Apache Portable Runtime (APR) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime (APR) version 1.7.0. A flaw was found in Apache Portable Runtime (APR). This issue may allow a malicious attacker to write beyond the bounds of a buffer. • https://lists.apache.org/thread/fw9p6sdncwsjkstwc066vz57xqzfksq9 • CWE-190: Integer Overflow or Wraparound

CVE-2021-35940 – Regression of CVE-2017-12613
https://notcve.org/view.php?id=CVE-2021-35940
23 Aug 2021 — An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix for this issue was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 regressed compared to 1.6.3 and is vulnerable to the same issue. • http://mail-archives.apache.org/mod_mbox/www-announce/201710.mbox/%3CCACsi251B8UaLvM-rrH9fv57-zWi0zhyF3275_jPg1a9VEVVoxw%40mail.gmail.com%3E • CWE-125: Out-of-bounds Read