rpm package
opensuse/apr&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/apr&distro=openSUSE%20Tumbleweed
Vulnerabilities (7)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-49582 | — | | | < 1.7.5-1.1 | 1.7.5-1.1 | Aug 26, 2024 | Lax permissions set by the Apache Portable Runtime library on Unix platforms would allow local users read access to named shared memory segments, potentially revealing sensitive application data. This issue does not affect non-Unix platforms, or builds with APR_USE_SHMEM_SHMGET |
| CVE-2022-24963 | — | | | < 1.7.2-1.1 | 1.7.2-1.1 | Jan 31, 2023 | Integer Overflow or Wraparound vulnerability in apr_encode functions of Apache Portable Runtime (APR) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime (APR) version 1.7.0. |
| CVE-2021-35940 | — | | | < 1.7.0-4.1 | 1.7.0-4.1 | Aug 23, 2021 | An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix for this issue was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 regressed compared to 1.6.3 and is vulnerable to t |
| CVE-2021-3594 | — | | | < 1.7.0-2.2 | 1.7.0-2.2 | Jun 15, 2021 | An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bound |
| CVE-2011-1928 | — | | | < 1.5.2-3.4 | 1.5.2-3.4 | May 24, 2011 | The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, |
| CVE-2011-0419 | — | | | < 1.5.2-3.4 | 1.5.2-3.4 | May 16, 2011 | Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, |
| CVE-2009-2412 | — | | | < 1.5.2-3.4 | 1.5.2-3.4 | Aug 6, 2009 | Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger craft |