Integer Overflow or Wraparound vulnerability in apr_encode functions of Apache Portable Runtime (APR) allows an attacker to write beyond bounds of a buffer.
This issue affects Apache Portable Runtime (APR) version 1.7.0.

Project Subscriptions

Vendors Products
Portable Runtime Subscribe
Enterprise Linux Subscribe
Jboss Core Services Subscribe
Jboss Enterprise Web Server Subscribe
Advisories
Source ID Title
Debian DSA Debian DSA DSA-5370-1 apr security update
EUVD EUVD EUVD-2022-29715 Integer Overflow or Wraparound vulnerability in apr_encode functions of Apache Portable Runtime (APR) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime (APR) version 1.7.0.
Ubuntu USN Ubuntu USN USN-5885-1 APR vulnerability
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Thu, 27 Mar 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 13 Feb 2025 16:45:00 +0000

Type Values Removed Values Added
Title Apache Portable Runtime (APR): out-of-bound writes in the apr_encode family of functions Apache Portable Runtime (APR): out-of-bound writes in the apr_encode family of functions

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published:

Updated: 2025-03-27T14:33:39.826Z

Reserved: 2022-02-11T12:49:56.769Z

Link: CVE-2022-24963

cve-icon Vulnrichment

Updated: 2024-08-03T04:29:01.595Z

cve-icon NVD

Status : Modified

Published: 2023-01-31T16:15:08.830

Modified: 2025-03-27T15:15:36.323

Link: CVE-2022-24963

cve-icon Redhat

Severity : Moderate

Publid Date: 2023-01-31T00:00:00Z

Links: CVE-2022-24963 - Bugzilla

cve-icon OpenCVE Enrichment

No data.

Weaknesses