QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2017-12613

Back to search

CVE-2017-12613

Published: Oct 24, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program termination, and may represent an information disclosure or denial of service vulnerability to applications which call these APR functions with unvalidated external input.

VendorProductVersions

Apache Software Foundation

Apache Portable Runtime

affected
1.6.2 and prior

References

RHSA-2018:0316
vendor-advisory
x_refsource_REDHAT
1042004
vdb-entry
x_refsource_SECTRACK
RHSA-2017:3475
vendor-advisory
x_refsource_REDHAT
RHSA-2018:0465
vendor-advisory
x_refsource_REDHAT
RHSA-2017:3270
vendor-advisory
x_refsource_REDHAT
RHSA-2017:3476
vendor-advisory
x_refsource_REDHAT
RHSA-2018:1253
vendor-advisory
x_refsource_REDHAT
RHSA-2017:3477
vendor-advisory
x_refsource_REDHAT
RHSA-2018:0466
vendor-advisory
x_refsource_REDHAT
101560
vdb-entry
x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now