CVE-2022-24963

CWE-190 — Integer Overflow9 documents8 sources

Severity

9.8CRITICAL

EPSS

0.1%

top 66.19%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Software Foundation Apache Portable Runtime (apr)Apache Portable Runtime

Timeline

PublishedJan 31

Latest updateFeb 27

Description

Integer Overflow or Wraparound vulnerability in apr_encode functions of Apache Portable Runtime (APR) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime (APR) version 1.7.0.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

▶NVDapache/portable_runtime1.7.0

▶CVEListV5apache_software_foundation/apache_portable_runtime_(apr)1.7.0

▶Alpineapr< 1.7.1-r0+9

▶Debianapr< 1.7.0-6+deb11u2+3

🔴Vulnerability Details

OSV

CVE-2022-24963: Integer Overflow or Wraparound vulnerability in apr_encode functions of Apache Portable Runtime (APR) allows an attacker to write beyond bounds of a b↗2023-01-31

▶

OSV

CVE-2022-24963: Integer Overflow or Wraparound vulnerability in apr_encode functions of Apache Portable Runtime (APR) allows an attacker to write beyond bounds of a b↗2023-01-31

▶

CVEList

Apache Portable Runtime (APR): out-of-bound writes in the apr_encode family of functions↗2023-01-31

▶

GHSA

GHSA-6rr3-mpxq-hv4x: Integer Overflow or Wraparound vulnerability in apr_encode functions of Apache Portable Runtime (APR) allows an attacker to write beyond bounds of a b↗2023-01-31

▶

📋Vendor Advisories

Ubuntu

APR vulnerability↗2023-02-27

▶

Red Hat

apr: integer overflow/wraparound in apr_encode↗2023-01-31

▶

Microsoft

Apache Portable Runtime (APR): out-of-bound writes in the apr_encode family of functions↗2023-01-10

▶

Debian

CVE-2022-24963: apr - Integer Overflow or Wraparound vulnerability in apr_encode functions of Apache P...↗2022

▶