CVE-2022-28331 – Apache Portable Runtime (APR): Windows out-of-bounds write in apr_socket_sendv function
https://notcve.org/view.php?id=CVE-2022-28331
On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond the end of a stack based buffer in apr_socket_sendv(). This is a result of integer overflow. A flaw was found in Apache Portable Runtime, affecting versions <= 1.7.0. This issue may allow a malicious user to write beyond the end of a stack buffer and cause an integer overflow. This affects Windows environments. • https://lists.apache.org/thread/5pfdfn7h0vsdo5xzjn97vghp0x42jj2r https://access.redhat.com/security/cve/CVE-2022-28331 https://bugzilla.redhat.com/show_bug.cgi?id=2172556 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVE-2022-24963 – Apache Portable Runtime (APR): out-of-bound writes in the apr_encode family of functions
https://notcve.org/view.php?id=CVE-2022-24963
Integer Overflow or Wraparound vulnerability in apr_encode functions of Apache Portable Runtime (APR) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime (APR) version 1.7.0. A flaw was found in Apache Portable Runtime (APR). This issue may allow a malicious attacker to write beyond the bounds of a buffer. • https://lists.apache.org/thread/fw9p6sdncwsjkstwc066vz57xqzfksq9 https://security.netapp.com/advisory/ntap-20230908-0008 https://access.redhat.com/security/cve/CVE-2022-24963 https://bugzilla.redhat.com/show_bug.cgi?id=2169465 • CWE-190: Integer Overflow or Wraparound •
CVE-2021-35940 – Regression of CVE-2017-12613
https://notcve.org/view.php?id=CVE-2021-35940
An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix for this issue was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 regressed compared to 1.6.3 and is vulnerable to the same issue. Se ha corregido una lectura de matrices fuera de límites en la función apr_time_exp*() en Apache Portable Runtime versión 1.6.3 (CVE-2017-12613). La corrección de este problema no se trasladó a la rama APR versión 1.7.x, por lo que la versión 1.7.0 retrocedió en comparación con la versión 1.6.3 y es vulnerable al mismo problema. • http://mail-archives.apache.org/mod_mbox/www-announce/201710.mbox/%3CCACsi251B8UaLvM-rrH9fv57-zWi0zhyF3275_jPg1a9VEVVoxw%40mail.gmail.com%3E http://svn.apache.org/viewvc?view=revision&revision=1891198 http://www.openwall.com/lists/oss-security/2021/08/23/1 https://dist.apache.org/repos/dist/release/apr/patches/apr-1.7.0-CVE-2021-35940.patch https://lists.apache.org/thread.html/r1c788464a25fbc046a72aff451bc8186386315d92a2dd0349903fa4f%40%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/r317c398ee • CWE-125: Out-of-bounds Read •