Out-of-bounds Read in apr-util

Do your applications use this vulnerable package? Test your applications

Overview

Apache Portable Runtime Utility (APR-util) 1.6.0 and prior fail to validate the integrity of SDBM database files used by apr_sdbm*() functions, resulting in a possible out of bound read access. A local user with write access to the database can make a program or process using these functions crash, and cause a denial of service.

References

Debian Security Announcement
Debian Security Tracker
MLIST
Security Focus
Security Tracker
Ubuntu CVE Tracker

Attack Vector

Local
Attack Complexity

High
Privileges Required

Low
User Interaction

None
Scope

Unchanged
Confidentiality

None
Integrity

None
Availability

High

CVE: CVE-2017-12618
CWE: CWE-125
Snyk ID: SNYK-DEBIAN9-APRUTIL-331345
Disclosed: 24 Oct, 2017
Published: 24 Oct, 2017

Out-of-bounds Read
Affecting apr-util package, versions *

Overview

References

CVSS Score

Out-of-bounds Read Affecting apr-util package, versions *

Overview

References

Out-of-bounds Read
Affecting apr-util package, versions *