CVE-2017-12613
Summary
| CVE | CVE-2017-12613 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-10-24 01:29:00 UTC |
| Updated | 2023-11-07 02:38:00 UTC |
| Description | When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program termination, and may represent an information disclosure or denial of service vulnerability to applications which call these APR functions with unvalidated external input. |
Risk And Classification
Problem Types: CWE-125
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Apache | Portable Runtime | All | All | All | All |
| Operating System | Debian | Debian Linux | 7.0 | All | All | All |
| Operating System | Debian | Debian Linux | 9.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Desktop | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Desktop | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Eus | 6.7 | All | All | All |
| Operating System | Redhat | Enterprise Linux Eus | 7.3 | All | All | All |
| Operating System | Redhat | Enterprise Linux Eus | 7.4 | All | All | All |
| Operating System | Redhat | Enterprise Linux Eus | 7.5 | All | All | All |
| Operating System | Redhat | Enterprise Linux Eus | 7.6 | All | All | All |
| Operating System | Redhat | Enterprise Linux Eus | 7.7 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Aus | 6.4 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Aus | 6.5 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Aus | 6.6 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Aus | 7.2 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Aus | 7.3 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Aus | 7.4 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Aus | 7.6 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Aus | 7.7 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Tus | 6.6 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Tus | 7.2 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Tus | 7.3 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Tus | 7.4 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Tus | 7.6 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Tus | 7.7 | All | All | All |
| Operating System | Redhat | Enterprise Linux Workstation | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Workstation | 7.0 | All | All | All |
| Application | Redhat | Jboss Core Services | - | All | All | All |
| Application | Redhat | Jboss Core Services | 1.0 | All | All | All |
| Application | Redhat | Jboss Enterprise Web Server | 3.0.0 | All | All | All |
| Application | Redhat | Software Collections | 1.0 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| oss-security - CVE-2021-35940: Apache Portable Runtime (APR): Regression of CVE-2017-12613 | MLIST | www.openwall.com | |
| Apple macOS/OS X Multiple Remote Code Execution, Denial of Service, and Information Disclosure Attacks and Local Privilege Escalation Attacks - SecurityTracker | SECTRACK | www.securitytracker.com | |
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| [Apache-SVN] Revision 1807976 | CONFIRM | svn.apache.org | Issue Tracking, Third Party Advisory |
| Pony Mail! | MLIST | lists.apache.org | Issue Tracking, Third Party Advisory |
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| Pony Mail! | MLIST | lists.apache.org | |
| Pony Mail! | MLIST | lists.apache.org | |
| [apr-commits] 20210820 svn commit: r49582 - /release/apr/patches/apr-1.7.0-CVE-2021-35940.patch | | lists.apache.org | |
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| [SECURITY] [DLA 1162-1] apr security update | MLIST | lists.debian.org | |
| [announce] 20210823 CVE-2021-35940: Apache Portable Runtime (APR): Regression of CVE-2017-12613 | | lists.apache.org | |
| Pony Mail! | MLIST | lists.apache.org | |
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| [apr-dev] 20210916 Re: CVE-2021-35940: Apache Portable Runtime (APR): Regression of CVE-2017-12613 | | lists.apache.org | |
| [SECURITY] [DLA 2897-1] apr security update | MLIST | lists.debian.org | |
| Pony Mail! | | lists.apache.org | |
| Apache Portable Runtime library 1.5.2 Released | CONFIRM | www.apache.org | |
| Apache Portable Runtime Utility CVE-2017-12613 Multiple Information Disclosure Vulnerabilities | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| [apr-commits] 20210816 svn commit: r1892358 - /apr/apr/branches/1.7.x/CHANGES | | lists.apache.org | |
| Pony Mail! | MLIST | lists.apache.org | |
| Pony Mail! | MLIST | lists.apache.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.