Apache Portable Runtime Utility (APR-util): out-of-bounds writes in the apr_base64 family of functions
CVE-2022-25147

6.5MEDIUM

Key Information:

Vendor: Apache
Status: Apache Portable Runtime Utility (apr-util)
Vendor: CVE Published:; 31 January 2023

Summary

Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util) allows an attacker to write beyond bounds of a buffer.

This issue affects Apache Portable Runtime Utility (APR-util) 1.6.1 and prior versions.

Affected Version(s)

Apache Portable Runtime Utility (APR-util) 0 <= 1.6.1

References

https://lists.apache.org/thread/np5gjqlohc4f62lr09vrn61vl...

vendor-advisory

https://security.netapp.com/advisory/ntap-20240315-0001/

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 31, 2023
Vulnerability Reserved
Feb 14, 2022

Credit

Ronald Crane (Zippenhop LLC)