Search for packages
| purl | pkg:deb/debian/apr@1.4.6-3%2Bdeb7u1 |
| Next non-vulnerable version | 1.7.2-3+deb12u1 |
| Latest non-vulnerable version | 1.7.2-3+deb12u1 |
| Risk | 4.4 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-jkjz-9t6a-jqek
Aliases: CVE-2022-24963 |
Integer Overflow or Wraparound vulnerability in apr_encode functions of Apache Portable Runtime (APR) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime (APR) version 1.7.0. |
Affected by 1 other vulnerability. |
|
VCID-sv4m-gxgp-q7h3
Aliases: CVE-2017-12613 |
apr: Out-of-bounds array deref in apr_time_exp*() functions |
Affected by 2 other vulnerabilities. |
|
VCID-wyth-7b6q-cqac
Aliases: CVE-2021-35940 |
An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix for this issue was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 regressed compared to 1.6.3 and is vulnerable to the same issue. |
Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-3rpu-nj6z-33b8 | apr: hash table collisions CPU usage DoS |
CVE-2012-0840
|
| VCID-8adb-pxka-97gq | A flaw was found in the apr_fnmatch() function of the bundled APR library. Where mod_autoindex is enabled, and a directory indexed by mod_autoindex contained files with sufficiently long names, a remote attacker could send a carefully crafted request which would cause excessive CPU usage. This could be used in a denial of service attack. Workaround: Setting the 'IgnoreClient' option to the 'IndexOptions' directive disables processing of the client-supplied request query arguments, preventing this attack. Resolution: Update APR to release 1.4.5 (bundled with httpd 2.2.19) or release 0.9.20 (bundled with httpd 2.0.65) |
CVE-2011-0419
|
| VCID-uptj-wzkd-ykga |
CVE-2011-1928
|