CVE-2017-12618

CWE-125 — Out-of-bounds Read11 documents9 sources

Severity

4.7MEDIUM

EPSS

0.3%

top 47.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Software Foundation Apache Portable Runtime Apache Portable Runtime Utility

Timeline

PublishedOct 24

Latest updateNov 23

Description

Apache Portable Runtime Utility (APR-util) 1.6.0 and prior fail to validate the integrity of SDBM database files used by apr_sdbm*() functions, resulting in a possible out of bound read access. A local user with write access to the database can make a program or process using these functions crash, and cause a denial of service.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.0 | Impact: 3.6

Affected Packages3 packages

▶NVDapache/portable_runtime_utility59 versions+58

▶CVEListV5apache_software_foundation/apache_portable_runtime1.6.0 and prior

▶Debianapr-util< 1.6.1-1+3

🔴Vulnerability Details

GHSA

GHSA-cxw3-v6f8-2cpm: Apache Portable Runtime Utility (APR-util) 1↗2022-05-14

▶

CVEList

CVE-2017-12618: Apache Portable Runtime Utility (APR-util) 1↗2017-10-24

▶

OSV

CVE-2017-12618: Apache Portable Runtime Utility (APR-util) 1↗2017-10-24

▶

📋Vendor Advisories

Ubuntu

APR-util vulnerability↗2022-11-23

▶

Apple

CVE-2017-12618: macOS Mojave 10.14.1, Security Update 2018-002 High Sierra, Security Update 2018-005 Sierra↗2018-10-30

▶

Apple

CVE-2017-12618: macOS Mojave 10.14↗2018-09-24

▶

Red Hat

apr-util: Out-of-bounds access in corrupted SDBM database↗2017-10-23

▶

Debian

CVE-2017-12618: apr-util - Apache Portable Runtime Utility (APR-util) 1.6.0 and prior fail to validate the ...↗2017

▶

💬Community

Bugzilla

CVE-2017-12618 apr-util: Out-of-bounds access in corrupted SDBM database [fedora-all]↗2017-10-26

▶

Bugzilla

CVE-2017-12618 apr-util: Out-of-bounds access in corrupted SDBM database↗2017-10-26

▶