Search for packages
Package details: pkg:deb/debian/apr@1.6.5-1
purl pkg:deb/debian/apr@1.6.5-1
Next non-vulnerable version 1.7.2-3+deb12u1
Latest non-vulnerable version 1.7.5-1
Risk 4.4
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-g46y-xct8-aaaa
Aliases:
CVE-2021-35940
An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix for this issue was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 regressed compared to 1.6.3 and is vulnerable to the same issue.
1.7.0-6+deb11u2
Affected by 1 other vulnerability.
VCID-szuh-hctr-aaaj
Aliases:
CVE-2022-24963
Integer Overflow or Wraparound vulnerability in apr_encode functions of Apache Portable Runtime (APR) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime (APR) version 1.7.0.
1.7.0-6+deb11u2
Affected by 1 other vulnerability.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-7ctq-1dck-aaap When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program termination, and may represent an information disclosure or denial of service vulnerability to applications which call these APR functions with unvalidated external input. CVE-2017-12613

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-21T19:20:03.063136+00:00 Debian Oval Importer Affected by VCID-szuh-hctr-aaaj https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.3
2025-06-21T15:57:27.028161+00:00 Debian Oval Importer Fixing VCID-7ctq-1dck-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T07:44:49.817973+00:00 Debian Oval Importer Affected by VCID-szuh-hctr-aaaj None 36.1.3
2025-06-21T06:18:00.700757+00:00 Debian Oval Importer Affected by VCID-g46y-xct8-aaaa None 36.1.3
2025-06-20T23:37:28.304555+00:00 Debian Oval Importer Fixing VCID-7ctq-1dck-aaap None 36.1.3
2025-06-08T12:27:53.085494+00:00 Debian Oval Importer Fixing VCID-7ctq-1dck-aaap https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T11:48:47.392102+00:00 Debian Oval Importer Affected by VCID-szuh-hctr-aaaj https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T08:50:46.368065+00:00 Debian Oval Importer Fixing VCID-7ctq-1dck-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T01:24:56.598511+00:00 Debian Oval Importer Affected by VCID-szuh-hctr-aaaj None 36.1.0
2025-06-07T23:57:04.661977+00:00 Debian Oval Importer Affected by VCID-g46y-xct8-aaaa None 36.1.0
2025-06-07T17:00:24.483713+00:00 Debian Oval Importer Fixing VCID-7ctq-1dck-aaap None 36.1.0
2025-04-12T19:41:39.119443+00:00 Debian Oval Importer Affected by VCID-g46y-xct8-aaaa https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T18:14:08.624761+00:00 Debian Oval Importer Fixing VCID-7ctq-1dck-aaap https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T17:33:46.371981+00:00 Debian Oval Importer Affected by VCID-szuh-hctr-aaaj https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-08T07:22:20.610944+00:00 Debian Oval Importer Fixing VCID-7ctq-1dck-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-07T23:57:30.402528+00:00 Debian Oval Importer Affected by VCID-szuh-hctr-aaaj None 36.0.0
2025-04-07T22:29:16.722678+00:00 Debian Oval Importer Affected by VCID-g46y-xct8-aaaa None 36.0.0
2025-04-07T15:33:36.666909+00:00 Debian Oval Importer Fixing VCID-7ctq-1dck-aaap None 36.0.0