CVE-2022-25147

Name
CVE-2022-25147
Description
Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime Utility (APR-util) 1.6.1 and prior versions.
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://lists.apache.org/thread/np5gjqlohc4f62lr09vrn61vl44cylh8
security@apache.org https://security.netapp.com/advisory/ntap-20240315-0001/

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:apache:portable_runtime_utility:*:*:*:*:*:*:*:* portable_runtime_utility >= None <= 1.6.1

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
apr-util edge-main 1.6.3-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
apr-util 3.22-main 1.6.3-r0 None fixed
apr-util 3.21-main 1.6.3-r0 None fixed
apr-util 3.20-main 1.6.3-r0 None fixed
apr-util 3.19-main 1.6.3-r0 None fixed
apr-util 3.18-main 1.6.3-r0 None fixed
apr-util 3.17-main 1.6.3-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
apr edge-main 1.7.1-r0 None fixed
apr 3.22-main 1.7.1-r0 None fixed
apr 3.21-main 1.7.1-r0 None fixed
apr 3.20-main 1.7.1-r0 None fixed
apr 3.19-main 1.7.1-r0 None fixed
apr 3.18-main 1.7.1-r0 None fixed
apr 3.17-main 1.7.1-r0 Natanael Copa <ncopa@alpinelinux.org> fixed