CVE-2021-35940
Published 2021-08-23
CVSS 3.1: 7.1 (high)
AV:L / AC:L / PR:L / UI:N / S:U / C:H / I:N / A:H
An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix for this issue was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 regressed compared to 1.6.3 and is vulnerable to the same issue.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | portable_runtime | — | — |
| debian | apr | < apr 1.7.0-7 (bookworm) | apr 1.7.0-7 (bookworm) |
| oracle | http_server | — | — |
| oracle | http_server | — | — |
CVSS provenance
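| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.1 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
| osv | — | 7.1 | HIGH | — |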