Portable Runtime@* Security Vulnerabilities and Issues — Portable Runtime@* CVE List

Lucene search

ApachePortable Runtime*

9 matches found

CVE•added 2011/05/16 5:55 p.m.•711 views

CVE-2011-0419

Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allow...

4.3CVSS7.7AI score0.50389EPSS

CVE•added 2017/10/24 1:29 a.m.•415 views

CVE-2017-12613

When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap ...

7.1CVSS7.1AI score0.00216EPSS

CVE•added 2009/10/13 10:30 a.m.•251 views

CVE-2009-2699

The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemo...

7.5CVSS7.3AI score0.08727EPSS

CVE•added 2021/08/23 10:15 a.m.•179 views

CVE-2021-35940

An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix for this issue was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 regressed compared to 1.6.3 and is vulnerable to the same issue.

7.1CVSS7.1AI score0.00216EPSS

CVE•added 2023/01/31 4:15 p.m.•174 views

CVE-2022-24963

Integer Overflow or Wraparound vulnerability in apr_encode functions of Apache Portable Runtime (APR) allows an attacker to write beyond bounds of a buffer.This issue affects Apache Portable Runtime (APR) version 1.7.0.

9.8CVSS7.9AI score0.00129EPSS

CVE•added 2017/10/24 1:29 a.m.•141 views

CVE-2017-12618

Apache Portable Runtime Utility (APR-util) 1.6.0 and prior fail to validate the integrity of SDBM database files used by apr_sdbm*() functions, resulting in a possible out of bound read access. A local user with write access to the database can make a program or process using these functions crash,...

4.7CVSS4.7AI score0.00109EPSS

CVE•added 2023/01/31 4:15 p.m.•93 views

CVE-2022-28331

On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond the end of a stack based buffer in apr_socket_sendv(). This is a result of integer overflow.

9.8CVSS9.5AI score0.00239EPSS

CVE•added 2024/08/26 2:15 p.m.•83 views

CVE-2023-49582

Lax permissions set by the Apache Portable Runtime library on Unix platforms would allow local users read access to named shared memory segments, potentially revealing sensitive application data. This issue does not affect non-Unix platforms, or builds with APR_USE_SHMEM_SHMGET=1 (apr.h) Users are ...

5.5CVSS6.5AI score0.00038EPSS

CVE•added 2012/02/10 7:55 p.m.•46 views

CVE-2012-0840

tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that ...

5CVSS6.2AI score0.28626EPSS