9 matches found
CVE-2011-0419
CVE-2011-0419 is a stack consumption/DoS vulnerability in the APR library’s fnmatch implementation (apr_fnmatch.c) and, for some platforms, in libc’s fnmatch.c. It affects APR < 1.4.3 and Apache HTTP Server
CVE-2017-12613
CVE-2017-12613 affects the Apache Portable Runtime (APR) library: out-of-bounds memory access when apr_time_exp*() or apr_os_exp_time*() are given an invalid month, potentially exposing heap contents or triggering a denial of service. A fix was released in APR 1.6.3 (and later backported in some ...
CVE-2009-2699
CVE-2009-2699 affects the Solaris pollset feature in the Event Port backend (poll/unix/port.c) of the Apache Portable Runtime (APR) library prior to 1.3.9, as used by Apache HTTP Server prior to 2.2.14 and other products. The issue arises from improper error handling in the Sola...
CVE-2022-24963
CVE-2022-24963: Apache Portable Runtime (APR) has an integer overflow in the apr_encode functions that can write beyond buffer bounds. Public details confirm APR 1.7.x as affected, with reports stating that APR versions earlier than 1.7.2-1 are vulnerable; a patched version APR 1.7.2-1 (and newer relea...
CVE-2021-35940
This entry concerns the Apache Portable Runtime (APR) issue tracked as CVE-2017-12613: an out-of-bounds array read in apr_time_exp*() that was fixed in APR 1.6.3. The APR 1.7.x branch did not carry that fix, and APR 1.7.0 regressed to be vulnerable to the same issue. A patch f...
CVE-2009-2412
CVE-2009-2412 – summary: Multiple integer overflows in Apache APR (memory/unix/apr_pools.c) and APR-util (misc/apr_rmm.c) for APR 0.9.x/1.3.x allow remote attackers to trigger buffer overflows, causing application crash or, potentially, arbitrary code execution. Likely vectors involve crafted cal...
CVE-2022-28331
CVE-2022-28331 affects Apache Portable Runtime (APR) 1.7.0 and earlier on Windows, with a write beyond the end of a stack-based buffer in apr_socket_sendv() caused by integer overflow. The vulnerability can lead to arbitrary code execution or a crash and has a CVSS v3.1 base score of 9.8 (CRITICA...
CVE-2023-49582
The CVE-2023-49582 entry concerns the Apache Portable Runtime (APR) library. Affected: Unix platforms using APR for shared memory segments. Root cause: lax permissions on named shared memory segments could permit local users read access, potentially exposing sensitive application data. Impact is ...
CVE-2012-0840
CVE-2012-0840 affects the Apache Portable Runtime (APR) library, specifically tables/apr_hash.c, up to version 1.4.5. The vulnerability arises from insufficient randomization of hash data structures, enabling context-dependent remote attackers to trigger predictable hash collisions and cause CPU ...