oss-sec mailing list archives
CVE-2022-24963: Apache Portable Runtime (APR): out-of-bound writes in the apr_encode family of functions
From: Eric Covener <covener () apache org>
Date: Tue, 31 Jan 2023 15:12:33 +0000
Severity: moderate Description: Integer Overflow or Wraparound vulnerability in apr_encode functions of Apache Portable Runtime (APR) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime (APR) version 1.7.0. Credit: Ronald Crane (Zippenhop LLC) (finder) References: https://apr.apache.org/ https://www.cve.org/CVERecord?id=CVE-2022-24963
Current thread:
- CVE-2022-24963: Apache Portable Runtime (APR): out-of-bound writes in the apr_encode family of functions Eric Covener (Jan 31)