4.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
1.9 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:N/I:N/A:P
0.0004 Low
EPSS
Percentile
5.3%
Issue Overview:
Apache Portable Runtime Utility (APR-util) fails to validate the integrity of SDBM database files used by apr_sdbm*() functions, resulting in a possible out of bound read access. A local user with write access to the database can make a program or process using these functions crash, and cause a denial of service.(CVE-2017-12618)
Affected Packages:
apr-util
Issue Correction:
Run yum update apr-util to update your system.
New Packages:
i686:
apr-util-openssl-1.5.4-6.18.amzn1.i686
apr-util-ldap-1.5.4-6.18.amzn1.i686
apr-util-sqlite-1.5.4-6.18.amzn1.i686
apr-util-pgsql-1.5.4-6.18.amzn1.i686
apr-util-odbc-1.5.4-6.18.amzn1.i686
apr-util-debuginfo-1.5.4-6.18.amzn1.i686
apr-util-devel-1.5.4-6.18.amzn1.i686
apr-util-freetds-1.5.4-6.18.amzn1.i686
apr-util-nss-1.5.4-6.18.amzn1.i686
apr-util-mysql-1.5.4-6.18.amzn1.i686
apr-util-1.5.4-6.18.amzn1.i686
src:
apr-util-1.5.4-6.18.amzn1.src
x86_64:
apr-util-sqlite-1.5.4-6.18.amzn1.x86_64
apr-util-mysql-1.5.4-6.18.amzn1.x86_64
apr-util-odbc-1.5.4-6.18.amzn1.x86_64
apr-util-openssl-1.5.4-6.18.amzn1.x86_64
apr-util-ldap-1.5.4-6.18.amzn1.x86_64
apr-util-1.5.4-6.18.amzn1.x86_64
apr-util-devel-1.5.4-6.18.amzn1.x86_64
apr-util-pgsql-1.5.4-6.18.amzn1.x86_64
apr-util-nss-1.5.4-6.18.amzn1.x86_64
apr-util-debuginfo-1.5.4-6.18.amzn1.x86_64
apr-util-freetds-1.5.4-6.18.amzn1.x86_64
Red Hat: CVE-2017-12618
Mitre: CVE-2017-12618
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Amazon Linux | 1 | i686 | apr-util-openssl | < 1.5.4-6.18.amzn1 | apr-util-openssl-1.5.4-6.18.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | apr-util-ldap | < 1.5.4-6.18.amzn1 | apr-util-ldap-1.5.4-6.18.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | apr-util-sqlite | < 1.5.4-6.18.amzn1 | apr-util-sqlite-1.5.4-6.18.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | apr-util-pgsql | < 1.5.4-6.18.amzn1 | apr-util-pgsql-1.5.4-6.18.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | apr-util-odbc | < 1.5.4-6.18.amzn1 | apr-util-odbc-1.5.4-6.18.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | apr-util-debuginfo | < 1.5.4-6.18.amzn1 | apr-util-debuginfo-1.5.4-6.18.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | apr-util-devel | < 1.5.4-6.18.amzn1 | apr-util-devel-1.5.4-6.18.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | apr-util-freetds | < 1.5.4-6.18.amzn1 | apr-util-freetds-1.5.4-6.18.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | apr-util-nss | < 1.5.4-6.18.amzn1 | apr-util-nss-1.5.4-6.18.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | apr-util-mysql | < 1.5.4-6.18.amzn1 | apr-util-mysql-1.5.4-6.18.amzn1.i686.rpm |
4.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
1.9 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:N/I:N/A:P
0.0004 Low
EPSS
Percentile
5.3%