Unrated severityNVD Advisory· Published Aug 23, 2021· Updated Aug 4, 2024
Regression of CVE-2017-12613
CVE-2021-35940
Description
An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix for this issue was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 regressed compared to 1.6.3 and is vulnerable to the same issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4- Range: = 1.7.0
- osv-coords2 versions
>= 1.7.0, < 1.7.1+ 1 more
- (no CPE)range: >= 1.7.0, < 1.7.1
- (no CPE)range: < 1.7.0-4.1
- Range: Apache Portable Runtime 1.7.0
Patches
Vulnerability mechanics
References
16- mail-archives.apache.org/mod_mbox/www-announce/201710.mbox/%3CCACsi251B8UaLvM-rrH9fv57-zWi0zhyF3275_jPg1a9VEVVoxw%40mail.gmail.com%3Emitrex_refsource_MISC
- svn.apache.org/viewvcmitrex_refsource_MISC
- www.openwall.com/lists/oss-security/2021/08/23/1mitremailing-listx_refsource_MLIST
- dist.apache.org/repos/dist/release/apr/patches/apr-1.7.0-CVE-2021-35940.patchmitrex_refsource_MISC
- lists.apache.org/thread.html/r1c788464a25fbc046a72aff451bc8186386315d92a2dd0349903fa4f%40%3Cdev.tomcat.apache.org%3Emitremailing-listx_refsource_MLIST
- lists.apache.org/thread.html/r317c398ee5736e627f7887b06607e5c58b45a696d352ba8c14615f55%40%3Cdev.apr.apache.org%3Emitremailing-listx_refsource_MLIST
- lists.apache.org/thread.html/r54c755c74b9e3846cfd84039b1967d37d2870750a02d7c603983f6ed%40%3Cdev.tomcat.apache.org%3Emitremailing-listx_refsource_MLIST
- lists.apache.org/thread.html/r72479f4dcffaa8a4732d5a0e87fecc4bace4932e28fc26f7d400e2b3%40%3Cdev.tomcat.apache.org%3Emitremailing-listx_refsource_MLIST
- lists.apache.org/thread.html/r72a069753b9363c29732e59ad8f0d22a633fb6a699980407511ac961%40%3Cdev.apr.apache.org%3Emitremailing-listx_refsource_MLIST
- lists.apache.org/thread.html/r7bb4a6ed88fc48152174e664aae30ea9a8b058eb5b44cf08cb9beb4b%40%3Cdev.apr.apache.org%3Emitremailing-listx_refsource_MLIST
- lists.apache.org/thread.html/r7bb4a6ed88fc48152174e664aae30ea9a8b058eb5b44cf08cb9beb4b%40%3Cdev.httpd.apache.org%3Emitremailing-listx_refsource_MLIST
- lists.apache.org/thread.html/ra2868b53339a6af65577146ad87016368c138388b09bff9d2860f50e%40%3Cdev.apr.apache.org%3Emitrex_refsource_MISCmailing-listx_refsource_MLIST
- lists.apache.org/thread.html/ra38094406cc38a05218ebd1158187feda021b0c3a1df400bbf296af8%40%3Cdev.apr.apache.org%3Emitremailing-listx_refsource_MLIST
- lists.apache.org/thread.html/rafe54755850e93de287c36540972457b2dd86332106aa7817c7c27fb%40%3Cdev.tomcat.apache.org%3Emitremailing-listx_refsource_MLIST
- lists.apache.org/thread.html/rb1f3c85f50fbd924a0051675118d1609e57957a02ece7facb723155b%40%3Cannounce.apache.org%3Emitremailing-listx_refsource_MLIST
- www.oracle.com/security-alerts/cpujul2022.htmlmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.