Apache Software Foundation Portable Runtime 1.7.0

CPE Details

Apache Software Foundation Portable Runtime 1.7.0
apache
portable_runtime
1.7.0
2021-08-26
15h13 +00:00
2021-08-27
12h23 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:apache:portable_runtime:1.7.0:*:*:*:*:*:*:*

Informations

Vendor

apache

Product

portable_runtime

Version

1.7.0

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-49582 2024-08-26 14h03 +00:00 Lax permissions set by the Apache Portable Runtime library on Unix platforms would allow local users read access to named shared memory segments, potentially revealing sensitive application data. This issue does not affect non-Unix platforms, or builds with APR_USE_SHMEM_SHMGET=1 (apr.h) Users are recommended to upgrade to APR version 1.7.5, which fixes this issue.
5.5
Medium
CVE-2022-28331 2023-01-31 15h55 +00:00 On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond the end of a stack based buffer in apr_socket_sendv(). This is a result of integer overflow.
9.8
Critical
CVE-2022-24963 2023-01-31 15h52 +00:00 Integer Overflow or Wraparound vulnerability in apr_encode functions of Apache Portable Runtime (APR) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime (APR) version 1.7.0.
9.8
Critical
CVE-2021-35940 2021-08-23 08h00 +00:00 An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix for this issue was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 regressed compared to 1.6.3 and is vulnerable to the same issue.
7.1
High
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.