Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
321
VMScore

CVE-2021-35940

Published: 23/08/2021 Updated: 07/11/2023
CVSS v2 Base Score: 3.6 | Impact Score: 4.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.1 | Impact Score: 5.2 | Exploitability Score: 1.8
VMScore: 321
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:P
Subscribe to Apache

Vulnerability Summary

An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix for this issue was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 regressed compared to 1.6.3 and is vulnerable to the same issue. (CVE-2021-35940) Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util) allows an malicious user to write beyond bounds of a buffer. This issue affects Apache Portable Runtime Utility (APR-util) 1.6.1 and prior versions. (CVE-2022-24963)

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apache portable runtime 1.7.0

oracle http server 12.2.1.3.0

oracle http server 12.2.1.4.0

Vendor Advisories

Debian CVElist Bug Report Logs: apr: CVE-2021-35940
Debian Bug report logs - #992789 apr: CVE-2021-35940 Package: src:apr; Maintainer for src:apr is Debian Apache Maintainers <debian-apache@listsdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 23 Aug 2021 13:48:02 UTC Severity: important Tags: patch, pending, security, upstream Found in ...
Amazon Linux 2: ALAS2-2023-1936
An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable Runtime 163 release (CVE-2017-12613) The fix for this issue was not carried forward to the APR 17x branch, and hence version 170 regressed compared to 163 and is vulnerable to the same issue (CVE-2021-35940) Integer Overflow or Wraparound vulnera ...
Red Hat: CVE-2021-35940
An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable Runtime 163 release (CVE-2017-12613) The fix for this issue was not carried forward to the APR 17x branch, and hence version 170 regressed compared to 163 and is vulnerable to the same issue ...
Arch Linux Issues:
An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable Runtime 163 release (CVE-2017-12613) The fix for this issue was not carried forward to the APR 17x branch, and hence version 170 regressed compared to 163 and is vulnerable to the same issue ...

References

CWE-125https://lists.apache.org/thread.html/ra2868b53339a6af65577146ad87016368c138388b09bff9d2860f50e%40%3Cdev.apr.apache.org%3Ehttp://svn.apache.org/viewvc?view=revision&revision=1891198https://dist.apache.org/repos/dist/release/apr/patches/apr-1.7.0-CVE-2021-35940.patchhttp://www.openwall.com/lists/oss-security/2021/08/23/1https://www.oracle.com/security-alerts/cpujul2022.htmlhttp://mail-archives.apache.org/mod_mbox/www-announce/201710.mbox/%3CCACsi251B8UaLvM-rrH9fv57-zWi0zhyF3275_jPg1a9VEVVoxw%40mail.gmail.com%3Ehttps://lists.apache.org/thread.html/rb1f3c85f50fbd924a0051675118d1609e57957a02ece7facb723155b%40%3Cannounce.apache.org%3Ehttps://lists.apache.org/thread.html/r7bb4a6ed88fc48152174e664aae30ea9a8b058eb5b44cf08cb9beb4b%40%3Cdev.apr.apache.org%3Ehttps://lists.apache.org/thread.html/r7bb4a6ed88fc48152174e664aae30ea9a8b058eb5b44cf08cb9beb4b%40%3Cdev.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r72a069753b9363c29732e59ad8f0d22a633fb6a699980407511ac961%40%3Cdev.apr.apache.org%3Ehttps://lists.apache.org/thread.html/r317c398ee5736e627f7887b06607e5c58b45a696d352ba8c14615f55%40%3Cdev.apr.apache.org%3Ehttps://lists.apache.org/thread.html/ra38094406cc38a05218ebd1158187feda021b0c3a1df400bbf296af8%40%3Cdev.apr.apache.org%3Ehttps://lists.apache.org/thread.html/r72479f4dcffaa8a4732d5a0e87fecc4bace4932e28fc26f7d400e2b3%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/r54c755c74b9e3846cfd84039b1967d37d2870750a02d7c603983f6ed%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/rafe54755850e93de287c36540972457b2dd86332106aa7817c7c27fb%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/r1c788464a25fbc046a72aff451bc8186386315d92a2dd0349903fa4f%40%3Cdev.tomcat.apache.org%3Ehttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992789https://nvd.nist.govhttps://alas.aws.amazon.com/AL2/ALAS-2023-1936.html
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionfirmwareCVE-2006-4304CVE-2024-32878CVE-2024-31502XSSCVE-2024-3059CVE-2024-33692CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook