Out of Bound Read Vulnerability in Apache Portable Runtime Utility Affects Multiple Versions
CVE-2017-12618

4.7MEDIUM

Key Information:

Vendor
Apache
Status
Apache Portable Runtime
Vendor
CVE Published:
24 October 2017

Summary

The Apache Portable Runtime Utility (APR-util) versions 1.6.0 and earlier are susceptible to an out of bound read vulnerability due to inadequate validation of the integrity of SDBM database files utilized by the apr_sdbm*() functions. A local user, possessing write access to the database, can exploit this flaw to potentially crash programs reliant on these functions, leading to a denial of service condition.

Affected Version(s)

Apache Portable Runtime 1.6.0 and prior

References

https://lists.debian.org/debian-lts-announce/2017/11/msg0...
mailing-listx_refsource_MLIST
http://www.securitytracker.com/id/1042004
vdb-entryx_refsource_SECTRACK
http://mail-archives.apache.org/mod_mbox/apr-dev/201710.m...
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
4.7
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.