2 matches found
The vulnerability of the apr_time_exp*() and apr_os_exp_time*() functions in the APR library allows a hacker to gain access to confidential data, as well as to cause service interruptions.
The vulnerability of the aprtimeexp and aprosexptime functions in the APR library lies in the reading of data beyond the allowable buffer size. Exploiting this vulnerability allows an attacker to access confidential data and also cause service failures...
UBUNTU-CVE-2021-35940
An out-of-bounds array read in the aprtimeexp functions was fixed in the Apache Portable Runtime 1.6.3 release CVE-2017-12613. The fix for this issue was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 regressed compared to 1.6.3 and is vulnerable to the same issue...