Back to search
CVE-2017-12618
Published: Oct 24, 2017
Modified: Aug 5, 2024
PUBLISHED
Description
Apache Portable Runtime Utility (APR-util) 1.6.0 and prior fail to validate the integrity of SDBM database files used by apr_sdbm*() functions, resulting in a possible out of bound read access. A local user with write access to the database can make a program or process using these functions crash, and cause a denial of service.
| Vendor | Product | Versions |
|---|---|---|
Apache Software Foundation | Apache Portable Runtime | affected 1.6.0 and prior |
References
[debian-lts-announce] 20171106 [SECURITY] [DLA 1163-1] apr-util security update
mailing-list
x_refsource_MLIST
1042004
vdb-entry
x_refsource_SECTRACK
[announce] 20171023 Apache Portable Runtime APR 1.6.3, APR-util 1.6.1 and APR-iconv 1.2.2 Released
mailing-list
x_refsource_MLIST
101558
vdb-entry
x_refsource_BID
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now