Apache Software Foundation Apache Portable Runtime vulnerabilities

CVE-2017-12613 [HIGH] CVE-2017-12613: When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1 When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program t

CVE-2017-12618 [MEDIUM] CWE-125 CVE-2017-12618: Apache Portable Runtime Utility (APR-util) 1.6.0 and prior fail to validate the integrity of SDBM da Apache Portable Runtime Utility (APR-util) 1.6.0 and prior fail to validate the integrity of SDBM database files used by apr_sdbm*() functions, resulting in a possible out of bound read access. A local user with write access to the database can make a program or process using these functions crash, and cause a denial of service.