Search for packages
| purl | pkg:deb/debian/apr@1.4.6-3%2Bdeb7u1 |
| Next non-vulnerable version | 1.7.2-3+deb12u1 |
| Latest non-vulnerable version | 1.7.2-3+deb12u1 |
| Risk | 4.4 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-3qre-qddd-eqgk
Aliases: CVE-2022-24963 |
apr: integer overflow/wraparound in apr_encode |
Affected by 1 other vulnerability. |
|
VCID-jdxe-krj9-8kax
Aliases: CVE-2017-12613 |
apr: Out-of-bounds array deref in apr_time_exp*() functions |
Affected by 2 other vulnerabilities. |
|
VCID-xz52-5z1u-cuf9
Aliases: CVE-2021-35940 |
apr: Regression of CVE-2017-12613 fix in apr 1.7 |
Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-29bh-jatc-73ad | Memory consumption errors in Apache Portable Runtime and APR Utility Library could result in Denial of Service. |
CVE-2012-0840
|
| VCID-3cea-3rkm-r7gs | A flaw was found in the apr_fnmatch() function of the bundled APR library. Where mod_autoindex is enabled, and a directory indexed by mod_autoindex contained files with sufficiently long names, a remote attacker could send a carefully crafted request which would cause excessive CPU usage. This could be used in a denial of service attack. Workaround: Setting the 'IgnoreClient' option to the 'IndexOptions' directive disables processing of the client-supplied request query arguments, preventing this attack. Resolution: Update APR to release 1.4.5 (bundled with httpd 2.2.19) or release 0.9.20 (bundled with httpd 2.0.65) |
CVE-2011-0419
|
| VCID-qebd-7szr-y7cx | Memory consumption errors in Apache Portable Runtime and APR Utility Library could result in Denial of Service. |
CVE-2011-1928
|