CVE-2022-25147
Severity
6.5 MEDIUM
EPSS
0.1%
top 82.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jan 31
Latest update: Apr 15
Description
Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util) allows an attacker to write beyond bounds of a buffer.
This issue affects Apache Portable Runtime Utility (APR-util) 1.6.1 and prior versions.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Exploitability: 3.9 | Impact: 2.5
Affected Packages: 5 packages
🔴 Vulnerability Details (4)
GHSA
GHSA-37mv-q3x5-3mwg: Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util) allows an attacker to write beyond (2023-01-31)
OSV
CVE-2022-25147: Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util) allows an attacker to write beyond (2023-01-31)
CVEList
Apache Portable Runtime Utility (APR-util): out-of-bounds writes in the apr_base64 family of functions (2023-01-31)
OSV
CVE-2022-25147: Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util) allows an attacker to write beyond (2023-01-31)
📋 Vendor Advisories (8)
Oracle
Oracle Fusion Middleware Risk Matrix: SSL Module (Apache Portable Runtime Utility) — CVE-2022-25147 (2024-04-15)
Oracle
Oracle Financial Services Applications Risk Matrix: Application (Apache Portable Runtime Utility) — CVE-2022-25147 (2024-01-15)
Oracle
Oracle Communications Risk Matrix: Platform (Apache Portable Runtime Utility) — CVE-2022-25147 (2023-10-15)
Oracle
Oracle Communications Risk Matrix: Virtual Network Function Manager (Apache Portable Runtime Utility) — CVE-2022-25147 (2023-07-15)