CVE-2017-12618

Опубликовано: 24 окт. 2017

Источник: nvd

CVSS3: 4.7

CVSS2: 1.9

EPSS Низкий

Описание

Apache Portable Runtime Utility (APR-util) 1.6.0 and prior fail to validate the integrity of SDBM database files used by apr_sdbm*() functions, resulting in a possible out of bound read access. A local user with write access to the database can make a program or process using these functions crash, and cause a denial of service.

Ссылки

http://mail-archives.apache.org/mod_mbox/apr-dev/201710.mbox/%3CCACsi252POs4toeJJciwg09_eu2cO3XFg%3DUqsPjXsfjDoeC3-UQ%40mail.gmail.com%3E
Mailing List
Vendor Advisory
http://www.securityfocus.com/bid/101558
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1042004
https://lists.debian.org/debian-lts-announce/2017/11/msg00006.html
http://mail-archives.apache.org/mod_mbox/apr-dev/201710.mbox/%3CCACsi252POs4toeJJciwg09_eu2cO3XFg%3DUqsPjXsfjDoeC3-UQ%40mail.gmail.com%3E
Mailing List
Vendor Advisory
http://www.securityfocus.com/bid/101558
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1042004
https://lists.debian.org/debian-lts-announce/2017/11/msg00006.html

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:apache:portable_runtime_utility:0.9.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime_utility:0.9.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime_utility:0.9.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime_utility:0.9.4:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime_utility:0.9.5:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime_utility:0.9.6:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime_utility:0.9.7:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime_utility:0.9.9:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime_utility:0.9.10:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime_utility:0.9.11:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime_utility:0.9.12:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime_utility:0.9.13:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime_utility:0.9.14:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime_utility:0.9.15:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime_utility:0.9.16:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime_utility:0.9.17:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime_utility:0.9.18:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime_utility:0.9.19:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime_utility:0.9.20:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime_utility:1.0.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime_utility:1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime_utility:1.0.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime_utility:1.1.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime_utility:1.1.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime_utility:1.1.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime_utility:1.2.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime_utility:1.2.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime_utility:1.2.6:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime_utility:1.2.7:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime_utility:1.2.8:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime_utility:1.2.9:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime_utility:1.2.10:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime_utility:1.2.12:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime_utility:1.2.13:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime_utility:1.3.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime_utility:1.3.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime_utility:1.3.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime_utility:1.3.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime_utility:1.3.4:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime_utility:1.3.5:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime_utility:1.3.6:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime_utility:1.3.7:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime_utility:1.3.8:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime_utility:1.3.9:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime_utility:1.3.10:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime_utility:1.3.11:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime_utility:1.3.12:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime_utility:1.3.13:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime_utility:1.4.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime_utility:1.4.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime_utility:1.4.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime_utility:1.4.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime_utility:1.5.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime_utility:1.5.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime_utility:1.5.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime_utility:1.5.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime_utility:1.5.4:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime_utility:1.5.5:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime_utility:1.6.0:*:*:*:*:*:*:*

EPSS

Процентиль: 42%

0.00201

Низкий

4.7 Medium

CVSS3

1.9 Low

CVSS2

Дефекты

CWE-125

Связанные уязвимости

CVE-2017-12618

CVSS3: 4.7

ubuntu

больше 8 лет назад

CVE-2017-12618

CVSS3: 5.5

redhat

больше 8 лет назад

CVE-2017-12618

CVSS3: 4.7

debian

больше 8 лет назад

Apache Portable Runtime Utility (APR-util) 1.6.0 and prior fail to val ...

openSUSE-SU-2017:3325-1

suse-cvrf

около 8 лет назад

Security update for libapr-util1

SUSE-SU-2018:0307-1

suse-cvrf

около 8 лет назад

Security update for libapr-util1

EPSS

Процентиль: 42%

0.00201

Низкий

4.7 Medium

CVSS3

1.9 Low

CVSS2

Дефекты

CWE-125