CVE-2022-25147
published 2023-01-31CVE-2022-25147: Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util) allows an attacker to write beyond bounds of…
medium6.5CVSS 3.1
AVNACLPRNUINSUCNILAL
Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util) allows an attacker to write beyond bounds of a buffer.
This issue affects Apache Portable Runtime Utility (APR-util) 1.6.1 and prior versions.
Affected
23 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | apr-util | >= 0 < 1.6.3-r0 | 1.6.3-r0 |
| apache | apr-util | >= 0 < 1.6.3-r0 | 1.6.3-r0 |
| apache | apr-util | >= 0 < 1.6.3-r0 | 1.6.3-r0 |
| apache | apr-util | >= 0 < 1.6.3-r0 | 1.6.3-r0 |
| apache | apr-util | >= 0 < 1.6.3-r0 | 1.6.3-r0 |
| apache | apr-util | >= 0 < 1.6.3-r0 | 1.6.3-r0 |
| apache | apr-util | >= 0 < 1.6.3-r0 | 1.6.3-r0 |
| apache | apr-util | >= 0 < 1.6.3-r0 | 1.6.3-r0 |
| apache | apr-util | >= 0 < 1.6.3-r0 | 1.6.3-r0 |
| apache | apr-util | >= 0 < 1.6.3-r0 | 1.6.3-r0 |
| apache | apr-util | >= 0 < 1.6.1-5+deb11u1 | 1.6.1-5+deb11u1 |
| apache | apr-util | >= 0 < 1.6.3-1 | 1.6.3-1 |
| apache | apr-util | >= 0 < 1.6.3-1 | 1.6.3-1 |
| apache | apr-util | >= 0 < 1.6.3-1 | 1.6.3-1 |
| apache | portable_runtime_utility | <= 1.6.1 | — |
| apache_software_foundation | apache_portable_runtime_utility | <= 1.6.1 | — |
| debian | apr-util | < apr-util 1.6.3-1 (bookworm) | apr-util 1.6.3-1 (bookworm) |
| msrc | cbl2_apr-util_1.6.3-1_on_cbl_mariner_2.0 | — | — |
| msrc | cbl_mariner_1.0_arm | — | — |
| msrc | cbl_mariner_1.0_x64 | — | — |
| msrc | cbl_mariner_2.0_arm | — | — |
| msrc | cbl_mariner_2.0_x64 | — | — |
| msrc | cm1_apr-util_1.6.3-1_on_cbl_mariner_1.0 | — | — |
CVSS provenance
nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
osv6.5MEDIUM