CVE-2017-12613

Published: 24/10/2017 Updated: 07/11/2023
CVSS v2 Base Score: 3.6 | Impact Score: 4.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.1 | Impact Score: 5.2 | Exploitability Score: 1.8
VMScore: 321
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:P

Vulnerability Summary

When the apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime (APR) 1.6.2 and prior, out-of-bounds memory may be accessed when converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program termination. This may represent an information disclosure or denial of service vulnerability for applications that call these APR functions with unvalidated external input.

Vulnerable Products

apache portable runtime

debian debian linux 7.0

debian debian linux 9.0

redhat enterprise linux desktop 7.0

redhat enterprise linux server aus 7.2

redhat enterprise linux workstation 7.0

redhat enterprise linux server tus 7.2

redhat enterprise linux server 7.0

redhat enterprise linux server aus 6.6

redhat software collections 1.0

redhat enterprise linux eus 6.7

redhat enterprise linux server aus 6.5

redhat enterprise linux server aus 6.4

redhat enterprise linux desktop 6.0

redhat enterprise linux server 6.0

redhat enterprise linux workstation 6.0

redhat enterprise linux server tus 7.3

redhat enterprise linux server aus 7.3

redhat enterprise linux server aus 7.4

redhat jboss enterprise web server 3.0.0

redhat enterprise linux server tus 7.4

redhat enterprise linux eus 7.3

redhat enterprise linux eus 7.4

redhat enterprise linux eus 7.5

redhat jboss core services -

redhat enterprise linux server tus 7.6

redhat enterprise linux server aus 7.6

redhat enterprise linux server tus 6.6

redhat enterprise linux eus 7.6

redhat jboss core services 1.0

redhat enterprise linux server aus 7.7

redhat enterprise linux server tus 7.7

redhat enterprise linux eus 7.7

Vendor Advisories

Debian Bug report logs - #879996 apr-util: CVE-2017-12618 Package: src:apr-util; Maintainer for src:apr-util is Debian Apache Maintainers <debian-apache@lists.debian.org>; Reported by: Moritz Muehlenhoff <jmm@debian.org> Date: Tue, 24 Oct 2017 20:33:02 UTC Severity: important Tags: security, upstream Found in versio ...
Debian Bug report logs - #992789 apr: CVE-2021-35940 Package: src:apr; Maintainer for src:apr is Debian Apache Maintainers <debian-apache@lists.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Mon, 23 Aug 2021 13:48:02 UTC Severity: important Tags: patch, pending, security, upstream Found in ...
Debian Bug report logs - #879708 apr: CVE-2017-12613 Package: src:apr; Maintainer for src:apr is Debian Apache Maintainers <debian-apache@lists.debian.org>; Reported by: Moritz Muehlenhoff <jmm@debian.org> Date: Tue, 24 Oct 2017 20:33:02 UTC Severity: important Tags: security, upstream Found in versions apr/1.6.2-1, ...
Synopsis Important: apr security update Type/Severity Security Advisory: Important Topic An update for apr is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Sy ...
Synopsis Important: httpd24-apr security update Type/Severity Security Advisory: Important Topic An update for httpd24-apr is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) b ...
Synopsis Important: apr security update Type/Severity Security Advisory: Important Topic An update for apr is now available for Red Hat Enterprise Linux 6.4 Advanced Update Support, Red Hat Enterprise Linux 6.5 Advanced Update Support, Red Hat Enterprise Linux 6.6 Advanced Update Support, Red Hat Enterprise ...
Synopsis Important: Red Hat JBoss Web Server 3.1.0 Service Pack 2 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Web Server 3.1 for RHEL 6 and Red Hat JBoss Web Server 3.1 for RHEL 7. Red Hat Product Security has rated this update as having a sec ...
Synopsis Important: Red Hat JBoss Web Server 3.1.0 Service Pack 2 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Web Server 3.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scori ...
Synopsis Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 security update Type/Severity Security Advisory: Important Topic An update is now available for JBoss Core Services on RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerabi ...
Synopsis Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Core Services. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerabili ...
Synopsis Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 security update Type/Severity Security Advisory: Important Topic An update is now available for JBoss Core Services on RHEL 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerabi ...
An out-of-bounds array dereference was found in apr_time_exp_get(). An attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to a data leak. (CVE-2017-12613) ...
An out-of-bounds array dereference was found in apr_time_exp_get(). An attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to a data leak ...
When apr_exp_time*() or apr_os_exp_time*() functions are invoked with an invalid month field value in APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program termination, and may represent an information ...

Mailing Lists

Full Disclosure mailing list archives: APPLE-SA-2018-10-30-9 Additional information for APPLE-SA-2018-9-24-1 macOS Mojave 10.14 ...
Full Disclosure mailing list archives: APPLE-SA-2018-10-30-2 macOS Mojave 10.14.1, Security Update 2018-001 High Sierra, Security Update 2018-005 Sierra ...

References

CWE-125
https://lists.apache.org/thread.html/12489f2e4a9f9d390235c16298aca0d20658789de80d553513977f13%40%3Cannounce.apache.org%3E
http://www.securityfocus.com/bid/101560
https://svn.apache.org/viewvc?view=revision&revision=1807976
https://access.redhat.com/errata/RHSA-2017:3270
https://access.redhat.com/errata/RHSA-2017:3477
https://access.redhat.com/errata/RHSA-2017:3476
https://access.redhat.com/errata/RHSA-2017:3475
http://www.apache.org/dist/apr/Announcement1.x.html
https://lists.debian.org/debian-lts-announce/2017/11/msg00005.html
https://access.redhat.com/errata/RHSA-2018:0316
https://access.redhat.com/errata/RHSA-2018:0466
https://access.redhat.com/errata/RHSA-2018:0465
https://access.redhat.com/errata/RHSA-2018:1253
http://www.securitytracker.com/id/1042004
http://www.openwall.com/lists/oss-security/2021/08/23/1
https://lists.debian.org/debian-lts-announce/2022/01/msg00023.html
https://lists.apache.org/thread.html/rcc48a0acebbd74bbdeebc02ff228bb72c0631b21823fffe27d4691e9%40%3Ccommits.apr.apache.org%3E
https://lists.apache.org/thread.html/r270dd5022db194b78acaf509216a33c85f3da43757defa05cc766339%40%3Ccommits.apr.apache.org%3E
https://lists.apache.org/thread.html/ra2868b53339a6af65577146ad87016368c138388b09bff9d2860f50e%40%3Cdev.apr.apache.org%3E
https://lists.apache.org/thread.html/rb1f3c85f50fbd924a0051675118d1609e57957a02ece7facb723155b%40%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/ra38094406cc38a05218ebd1158187feda021b0c3a1df400bbf296af8%40%3Cdev.apr.apache.org%3E
https://nvd.nist.gov
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879996
https://alas.aws.amazon.com/ALAS-2017-928.html