CVE-2017-12618

Published: 24/10/2017 Updated: 31/10/2018
CVSS v2 Base Score: 1.9 | Impact Score: 2.9 | Exploitability Score: 3.4
CVSS v3 Base Score: 4.7 | Impact Score: 3.6 | Exploitability Score: 1
VMScore: 169
Vector: AV:L/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

Apache Portable Runtime Utility (APR-util) 1.6.0 and prior fail to validate the integrity of SDBM database files used by apr_sdbm*() functions, resulting in a possible out-of-bounds read. A local user with write access to the database can crash a program or process that uses these functions, causing a denial of service.

Vulnerable Product

apache portable runtime utility 1.0.2

apache portable runtime utility 0.9.16

apache portable runtime utility 0.9.15

apache portable runtime utility 0.9.6

apache portable runtime utility 0.9.5

apache portable runtime utility 1.1.0

apache portable runtime utility 1.2.13

apache portable runtime utility 1.2.2

apache portable runtime utility 1.2.1

apache portable runtime utility 1.3.13

apache portable runtime utility 1.3.6

apache portable runtime utility 1.3.5

apache portable runtime utility 1.4.2

apache portable runtime utility 1.4.1

apache portable runtime utility 1.6.0

apache portable runtime utility 1.0.1

apache portable runtime utility 1.0.0

apache portable runtime utility 0.9.14

apache portable runtime utility 0.9.13

apache portable runtime utility 0.9.12

apache portable runtime utility 0.9.4

apache portable runtime utility 0.9.3

apache portable runtime utility 1.2.12

apache portable runtime utility 1.2.10

apache portable runtime utility 1.3.12

apache portable runtime utility 1.3.11

apache portable runtime utility 1.3.4

apache portable runtime utility 1.3.3

apache portable runtime utility 1.4.0

apache portable runtime utility 1.5.5

apache portable runtime utility 0.9.20

apache portable runtime utility 0.9.19

apache portable runtime utility 0.9.11

apache portable runtime utility 0.9.10

apache portable runtime utility 0.9.2

apache portable runtime utility 0.9.1

apache portable runtime utility 1.2.9

apache portable runtime utility 1.2.8

apache portable runtime utility 1.3.10

apache portable runtime utility 1.3.9

apache portable runtime utility 1.3.2

apache portable runtime utility 1.3.1

apache portable runtime utility 1.5.4

apache portable runtime utility 1.5.3

apache portable runtime utility 0.9.18

apache portable runtime utility 0.9.17

apache portable runtime utility 0.9.9

apache portable runtime utility 0.9.7

apache portable runtime utility 1.1.2

apache portable runtime utility 1.1.1

apache portable runtime utility 1.2.7

apache portable runtime utility 1.2.6

apache portable runtime utility 1.3.8

apache portable runtime utility 1.3.7

apache portable runtime utility 1.3.0

apache portable runtime utility 1.4.3

apache portable runtime utility 1.5.2

apache portable runtime utility 1.5.1

apache portable runtime utility 1.5.0

Vendor Advisories

Debian Bug report logs - #879996 apr-util: CVE-2017-12618 Package: src:apr-util; Maintainer for src:apr-util is Debian Apache Maintainers <debian-apache@lists.debian.org>; Reported by: Moritz Muehlenhoff <jmm@debian.org> Date: Tue, 24 Oct 2017 20:33:02 UTC Severity: important Tags: security, upstream Found in versio ...

Debian Bug report logs - #879708 apr: CVE-2017-12613 Package: src:apr; Maintainer for src:apr is Debian Apache Maintainers <debian-apache@lists.debian.org>; Reported by: Moritz Muehlenhoff <jmm@debian.org> Date: Tue, 24 Oct 2017 20:33:02 UTC Severity: important Tags: security, upstream Found in versions apr/1.6.2-1, ...

Apache Portable Runtime Utility (APR-util) fails to validate the integrity of SDBM database files used by apr_sdbm*() functions, resulting in a possible out of bound read access. A local user with write access to the database can make a program or process using these functions crash, and cause a denial of service (CVE-2017-12618) ...

Apache Portable Runtime Utility (APR-util) 1.6.0 and prior fail to validate the integrity of SDBM database files used by apr_sdbm*() functions, resulting in a possible out of bound read access. A local user with write access to the database can make a program or process using these functions crash, and cause a denial of service ...

APR-util 1.6.0 and prior failed to validate the integrity of SDBM database files used by apr_sdbm*() functions, resulting in a possible out of bound read access. A local user with write access to the database can make a program or process using these functions crash, and cause a denial of service ...

Mailing Lists

Full Disclosure mailing list archives: APPLE-SA-2018-10-30-9 Additional information for APPLE-SA-2018-9-24-1 macOS Mojave 10.14 ...

Full Disclosure mailing list archives: APPLE-SA-2018-10-30-2 macOS Mojave 10.14.1, Security Update 2018-001 High Sierra, Security Update 2018-005 Sierra ...