CVE-2017-12618
MEDIUM
Apache Portable Runtime Utility - Out-of-Bounds Read
Title source: rule
Description
Apache Portable Runtime Utility (APR-util) 1.6.0 and prior fail to validate the integrity of SDBM database files used by apr_sdbm*() functions, resulting in a possible out of bound read access. A local user with write access to the database can make a program or process using these functions crash, and cause a denial of service.
References (4)
Core References
Mailing List mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2017/11/msg00006.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1042004
Mailing List, Vendor Advisory mailing-list
x_refsource_mlist
http://mail-archives.apache.org/mod_mbox/apr-dev/201710.mbox/%3CCACsi252POs4toeJJciwg09_eu2cO3XFg%3DUqsPjXsfjDoeC3-UQ%40mail.gmail.com%3E
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/101558
Scores
CVSS v3: 4.7
EPSS: 0.0092
EPSS Percentile: 76.2%
Attack Vector: LOCAL
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
CWE: CWE-125
Status: published
Products (50)
apache/portable_runtime_utility 0.9.1
apache/portable_runtime_utility 0.9.2
apache/portable_runtime_utility 0.9.3
apache/portable_runtime_utility 0.9.4
apache/portable_runtime_utility 0.9.5
apache/portable_runtime_utility 0.9.6
apache/portable_runtime_utility 0.9.7
apache/portable_runtime_utility 0.9.9
apache/portable_runtime_utility 0.9.10
apache/portable_runtime_utility 0.9.11
... and 40 more
Published: Oct 24, 2017
Tracked Since: Feb 18, 2026