CVE-2017-12613
Severity: 7.1 HIGH
EPSS: 0.3% (top 51.77%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Oct 24
Latest update: May 13
Description
When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program termination, and may represent an information disclosure or denial of service vulnerability to applications which call these APR functions with unvalidated external input.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Exploitability: 1.8 | Impact: 5.2
Affected Packages: 10 packages
Also affects: Debian Linux 7.0, 9.0, Enterprise Linux 6.7, 7.3, 7.4, 7.5, 7.6, 7.7, 6.4, 6.5, 6.6, 7.2
🔴 Vulnerability Details (3)
GHSA
GHSA-v99m-xvmc-cgf3: When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1… (2022-05-13)
CVEList
CVE-2017-12613: When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1… (2017-10-24)
OSV
CVE-2017-12613: When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1… (2017-10-24)
📋 Vendor Advisories (6)
Apple
CVE-2017-12613: macOS Mojave 10.14.1, Security Update 2018-002 High Sierra, Security Update 2018-005 Sierra (2018-10-30)
Microsoft
When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting th… (2017-10-10)