CVE-2017-12618

Published: 24/10/2017 Updated: 31/10/2018
CVSS v2 Base Score: 1.9 | Impact Score: 2.9 | Exploitability Score: 3.4
CVSS v3 Base Score: 4.7 | Impact Score: 3.6 | Exploitability Score: 1
VMScore: 169
Vector: AV:L/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

Apache Portable Runtime Utility (APR-util) 1.6.0 and prior fail to validate the integrity of SDBM database files used by apr_sdbm*() functions, resulting in a possible out of bound read access. A local user with write access to the database can make a program or process using these functions crash, and cause a denial of service.

Vulnerable Product

apache portable runtime utility 0.9.20

apache portable runtime utility 0.9.19

apache portable runtime utility 0.9.18

apache portable runtime utility 0.9.17

apache portable runtime utility 0.9.16

apache portable runtime utility 0.9.15

apache portable runtime utility 0.9.14

apache portable runtime utility 0.9.13

apache portable runtime utility 0.9.12

apache portable runtime utility 0.9.11

apache portable runtime utility 0.9.10

apache portable runtime utility 0.9.9

apache portable runtime utility 0.9.7

apache portable runtime utility 0.9.6

apache portable runtime utility 0.9.5

apache portable runtime utility 0.9.4

apache portable runtime utility 0.9.3

apache portable runtime utility 0.9.2

apache portable runtime utility 0.9.1

apache portable runtime utility 1.1.2

apache portable runtime utility 1.1.1

apache portable runtime utility 1.1.0

apache portable runtime utility 1.2.13

apache portable runtime utility 1.2.12

apache portable runtime utility 1.2.10

apache portable runtime utility 1.2.9

apache portable runtime utility 1.2.8

apache portable runtime utility 1.2.7

apache portable runtime utility 1.2.6

apache portable runtime utility 1.2.2

apache portable runtime utility 1.2.1

apache portable runtime utility 1.3.13

apache portable runtime utility 1.3.12

apache portable runtime utility 1.3.11

apache portable runtime utility 1.3.10

apache portable runtime utility 1.3.9

apache portable runtime utility 1.3.8

apache portable runtime utility 1.3.7

apache portable runtime utility 1.3.6

apache portable runtime utility 1.3.5

apache portable runtime utility 1.3.4

apache portable runtime utility 1.3.3

apache portable runtime utility 1.3.2

apache portable runtime utility 1.3.1

apache portable runtime utility 1.3.0

apache portable runtime utility 1.4.3

apache portable runtime utility 1.4.2

apache portable runtime utility 1.4.1

apache portable runtime utility 1.4.0

apache portable runtime utility 1.5.5

apache portable runtime utility 1.5.4

apache portable runtime utility 1.5.3

apache portable runtime utility 1.5.2

apache portable runtime utility 1.5.1

apache portable runtime utility 1.5.0

apache portable runtime utility 1.6.0

apache portable runtime utility 1.0.2

apache portable runtime utility 1.0.1

apache portable runtime utility 1.0.0

Vendor Advisories

Debian Bug report logs - #879996 apr-util: CVE-2017-12618 Package: src:apr-util; Maintainer for src:apr-util is Debian Apache Maintainers <debian-apache@lists.debian.org>; Reported by: Moritz Muehlenhoff <jmm@debian.org> Date: Tue, 24 Oct 2017 20:33:02 UTC Severity: important Tags: security, upstream Found in versio ...
Debian Bug report logs - #879708 apr: CVE-2017-12613 Package: src:apr; Maintainer for src:apr is Debian Apache Maintainers <debian-apache@lists.debian.org>; Reported by: Moritz Muehlenhoff <jmm@debian.org> Date: Tue, 24 Oct 2017 20:33:02 UTC Severity: important Tags: security, upstream Found in versions apr/1.6.2-1, ...
Apache Portable Runtime Utility (APR-util) fails to validate the integrity of SDBM database files used by apr_sdbm*() functions, resulting in a possible out of bound read access. A local user with write access to the database can make a program or process using these functions crash, and cause a denial of service (CVE-2017-12618) ...
Apache Portable Runtime Utility (APR-util) 1.6.0 and prior fail to validate the integrity of SDBM database files used by apr_sdbm*() functions, resulting in a possible out of bound read access. A local user with write access to the database can make a program or process using these functions crash, and cause a denial of service ...
APR-util 1.6.0 and prior failed to validate the integrity of SDBM database files used by apr_sdbm*() functions, resulting in a possible out of bound read access. A local user with write access to the database can make a program or process using these functions crash, and cause a denial of service ...

Mailing Lists

APPLE-SA-2018-10-30-9 Additional information for APPLE-SA-2018-9-24-1 macOS Mojave 10.14. macOS Mojave 10.14 addresses the following: Bluetooth Available for: iMac (21.5-inch, Late 2012), iMac (27-inch, Late 2012), iMac (21.5-inch, Late 2013), iMac (21.5-inch, Mid 2014), iMac (Retina 5K, 27-inch, L ...
APPLE-SA-2018-10-30-2 macOS Mojave 10.14.1, Security Update 2018-001 High Sierra, Security Update 2018-005 Sierra. macOS Mojave 10.14.1, Security Update 2018-001 High Sierra, and Security Update 2018-005 Sierra are now available and address the following: afpserver Available for: macOS Sierra 10.12 ...