CVE-2022-25147

CVE-2022-25147 is an out-of-bounds write vulnerability in APR-util’s apr_base64 functions, affecting APR-util versions up to 1.6.1 (and prior). Multiple advisories note the issue and list updates to APR-util as the mitigation (e.g., RHSA-2023:3145, ALSA/ALAS advisories for AlmaLinux/Amazon Linux,...

CVE-2017-12618

CVE-2017-12618 affects APR-util (SDBM-backed databases used by apr_sdbm*()). The issue is a lack of integrity validation for SDBM files, enabling local attackers with write access to crash a program or cause denial of service. A patch/update for APR-util is available (see ALAS-2017-929 and Fedora...