CVE-2022-24963

Опубликовано: 31 янв. 2023

Источник: redhat

CVSS3: 6.5

EPSS Низкий

Описание

Integer Overflow or Wraparound vulnerability in apr_encode functions of Apache Portable Runtime (APR) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime (APR) version 1.7.0.

A flaw was found in Apache Portable Runtime (APR). This issue may allow a malicious attacker to write beyond the bounds of a buffer.

Отчет

Versions of "apr-util" shipped with Red Hat Enterprise Linux-6, 7, 8, and 9 are not affected. "apr_encode_*" API, which contains the affected code was added in apr-utils v1.7.0, whereas, RHEL ships apr-util v1.6.1 and lower.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 6	apr	Not affected
Red Hat Enterprise Linux 6	apr-util	Not affected
Red Hat Enterprise Linux 7	apr	Not affected
Red Hat Enterprise Linux 7	apr-util	Not affected
Red Hat Enterprise Linux 8	apr	Not affected
Red Hat Enterprise Linux 8	apr-util	Not affected
Red Hat Enterprise Linux 9	apr-util	Not affected
JBoss Core Services for RHEL 8	jbcs-httpd24-apr	Fixed	RHSA-2023:4629	15.08.2023
JBoss Core Services on RHEL 7	jbcs-httpd24-apr	Fixed	RHSA-2023:4629	15.08.2023
JWS 5.7.4 release	apr	Fixed	RHSA-2023:4910	04.09.2023

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-190

https://bugzilla.redhat.com/show_bug.cgi?id=2169465apr: integer overflow/wraparound in apr_encode

EPSS

Процентиль: 33%

0.00129

Низкий

6.5 Medium

CVSS3

Связанные уязвимости

CVE-2022-24963

CVSS3: 9.8

ubuntu

больше 2 лет назад

CVE-2022-24963

CVSS3: 9.8

nvd

больше 2 лет назад

CVE-2022-24963

CVSS3: 9.8

debian

больше 2 лет назад

Integer Overflow or Wraparound vulnerability in apr_encode functions o ...

GHSA-6rr3-mpxq-hv4x

CVSS3: 9.8

github

больше 2 лет назад

ELSA-2023-7711

oracle-oval

больше 1 года назад

ELSA-2023-7711: apr security update (MODERATE)

EPSS

Процентиль: 33%

0.00129

Низкий

6.5 Medium

CVSS3