CVE-2017-12618

4.7MEDIUM

Key Information:

Vendor: Apache
Status: Apache Portable Runtime
Vendor: CVE Published:; 24 October 2017

Summary

Apache Portable Runtime Utility (APR-util) 1.6.0 and prior fail to validate the integrity of SDBM database files used by apr_sdbm*() functions, resulting in a possible out of bound read access. A local user with write access to the database can make a program or process using these functions crash, and cause a denial of service.

Affected Version(s)

Apache Portable Runtime 1.6.0 and prior

References

https://lists.debian.org/debian-lts-announce/2017/11/msg0...

mailing-listx_refsource_MLIST

http://www.securitytracker.com/id/1042004

vdb-entryx_refsource_SECTRACK

http://mail-archives.apache.org/mod_mbox/apr-dev/201710.m...

mailing-listx_refsource_MLIST

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 24, 2017
Vulnerability Reserved
Aug 7, 2017

.