CVE-2021-35940
Published: Aug 23, 2021
Modified: Aug 4, 2024
PUBLISHED
Description
An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix for this issue was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 regressed compared to 1.6.3 and is vulnerable to the same issue.
| Vendor | Product | Versions |
|---|---|---|
| Apache Software Foundation | Apache Portable Runtime (APR) | affected Apache Portable Runtime 1.7.0 |
References
http://svn.apache.org/viewvc?view=revision&revision=1891198
x_refsource_MISC
[apr-dev] 20210823 CVE-2021-35940: Apache Portable Runtime (APR): Regression of CVE-2017-12613
mailing-list
x_refsource_MLIST
[oss-security] 20210823 CVE-2021-35940: Apache Portable Runtime (APR): Regression of CVE-2017-12613
mailing-list
x_refsource_MLIST
[announce] 20210823 CVE-2021-35940: Apache Portable Runtime (APR): Regression of CVE-2017-12613
mailing-list
x_refsource_MLIST
[apr-dev] 20210831 APR 1.7.1 release?
mailing-list
x_refsource_MLIST
[httpd-dev] 20210831 APR 1.7.1 release?
mailing-list
x_refsource_MLIST
[apr-dev] 20210831 Re: APR 1.7.1 release?
mailing-list
x_refsource_MLIST
[apr-dev] 20210901 Re: APR 1.7.1 release?
mailing-list
x_refsource_MLIST
[apr-dev] 20210916 Re: CVE-2021-35940: Apache Portable Runtime (APR): Regression of CVE-2017-12613
mailing-list
x_refsource_MLIST
https://www.oracle.com/security-alerts/cpujul2022.html
x_refsource_MISC