RHSA-2023:3177: Red Hat Security Advisory: apr-util security update

An update for apr-util is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-25147: A flaw was found in the Apache Portable Runtime Utility (APR-util) library. This issue may allow a malicious attacker to cause an out-of-bounds write due to an integer overflow when encoding/decoding a very long string using the base64 family of functions.
Red Hat Security Data


Issued: 2023-05-17

Updated: 2023-05-17

RHSA-2023:3177 - Security Advisory


Synopsis

Important: apr-util security update

Type/Severity

Security Advisory: Important


Topic

An update for apr-util is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The Apache Portable Runtime (APR) is a portability library used by the Apache HTTP Server and other projects. apr-util is a library that provides additional utility interfaces for APR, including support for XML parsing, LDAP, database interfaces, URI parsing, and more.

Security Fix(es):

  • apr-util: out-of-bounds writes in the apr_base64 (CVE-2022-25147)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Applications using the APR libraries, such as httpd, must be restarted for this update to take effect.
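An added post-update check for the Solution above (example code written for this page, not Red Hat's or the APR project's own): it compares installed apr-util builds against the fixed build listed in this advisory using rpm's version ordering, and flags processes that still map the pre-update library and so need the restart the advisory calls for. The function names, the `EPOCHNUM` query tag usage, the `libaprutil-1.so.0.6.1` path and the sample rpm output and maps line are assumptions or constructed data.

```python
"""Post-advisory check for RHSA-2023:3177 (added example, not Red Hat tooling).
Compares installed apr-util builds with the fixed build from this advisory using
rpm's version ordering, and flags processes that still map the pre-update library.
Assumes rpm's NAME/EPOCHNUM/VERSION/RELEASE/ARCH tags and a Linux /proc layout."""
import re

# Fixed build taken from the advisory's package list: epoch 0, 1.6.1-6.el8_1.1
FIXED_EVR = (0, "1.6.1", "6.el8_1.1")
ADVISORY_PKGS = {"apr-util", "apr-util-bdb", "apr-util-devel", "apr-util-ldap",
                 "apr-util-mysql", "apr-util-odbc", "apr-util-openssl",
                 "apr-util-pgsql", "apr-util-sqlite"}
_SEG = re.compile(r"[0-9]+|[a-zA-Z]+|~")  # rpm's '^' separator is not modelled

def rpmvercmp(a: str, b: str) -> int:
    """Order version/release strings like rpmvercmp(): numeric and alphabetic
    segments, numbers beat letters, leading zeros ignored, '~' sorts lowest."""
    if a == b:
        return 0
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if "~" in (x, y):
            if x != y:
                return -1 if x == "~" else 1
            continue
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = x.lstrip("0"), y.lstrip("0")
            if len(x) != len(y):
                return -1 if len(x) < len(y) else 1
        if x != y:
            return -1 if x < y else 1
    if len(sa) == len(sb):
        return 0
    # One side has segments left: a '~' there makes it older, anything else newer.
    a_longer = len(sa) > len(sb)
    rest = sa[len(sb):] if a_longer else sb[len(sa):]
    if rest[0] == "~":
        return -1 if a_longer else 1
    return 1 if a_longer else -1

def evr_cmp(a, b) -> int:
    """Compare (epoch, version, release) tuples; epoch decides first."""
    if a[0] != b[0]:
        return -1 if a[0] < b[0] else 1
    return rpmvercmp(a[1], b[1]) or rpmvercmp(a[2], b[2])

def unpatched(rpm_output: str) -> list:
    """Given the lines printed by
    rpm -qa --qf '%{NAME} %{EPOCHNUM} %{VERSION} %{RELEASE} %{ARCH}\\n' 'apr-util*'
    return name.arch of every advisory package still below the fixed build."""
    stale = []
    for line in filter(None, rpm_output.splitlines()):
        name, epoch, ver, rel, arch = line.split()
        if name in ADVISORY_PKGS and evr_cmp((int(epoch), ver, rel), FIXED_EVR) < 0:
            stale.append(f"{name}.{arch}")
    return stale

def stale_mappings(maps_text: str) -> bool:
    """True if a /proc/<pid>/maps listing still references a deleted libaprutil
    file: that process loaded the old build and needs a restart (see Solution)."""
    return any("libaprutil" in ln and "(deleted)" in ln
               for ln in maps_text.splitlines())

# Constructed sample rpm output: apr-util itself is still on the pre-fix build.
SAMPLE_RPM = """\
apr-util 0 1.6.1 6.el8 x86_64
apr-util-bdb 0 1.6.1 6.el8_1.1 x86_64
apr-util-openssl 0 1.6.1 6.el8_1.1 x86_64
"""
# Constructed maps line of an httpd worker that still has the old library open.
SAMPLE_MAPS = ("7f2a3c800000-7f2a3c820000 r-xp 00000000 fd:00 1234 "
               "/usr/lib64/libaprutil-1.so.0.6.1 (deleted)\n")
```

On a real host, feed the output of the rpm query named in `unpatched()` to that function and the contents of each `/proc/<pid>/maps` to `stale_mappings()`; `unpatched(SAMPLE_RPM)` returns `['apr-util.x86_64']` and `stale_mappings(SAMPLE_MAPS)` returns `True`.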

Affected Products

  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.1 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.1 x86_64

Fixes

  • BZ - 2169652 - CVE-2022-25147 apr-util: out-of-bounds writes in the apr_base64

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.1

SRPM

  • apr-util-1.6.1-6.el8_1.1.src.rpm

ppc64le

  • apr-util-1.6.1-6.el8_1.1.ppc64le.rpm
  • apr-util-bdb-1.6.1-6.el8_1.1.ppc64le.rpm
  • apr-util-bdb-debuginfo-1.6.1-6.el8_1.1.ppc64le.rpm
  • apr-util-debuginfo-1.6.1-6.el8_1.1.ppc64le.rpm
  • apr-util-debugsource-1.6.1-6.el8_1.1.ppc64le.rpm
  • apr-util-devel-1.6.1-6.el8_1.1.ppc64le.rpm
  • apr-util-ldap-1.6.1-6.el8_1.1.ppc64le.rpm
  • apr-util-ldap-debuginfo-1.6.1-6.el8_1.1.ppc64le.rpm
  • apr-util-mysql-1.6.1-6.el8_1.1.ppc64le.rpm
  • apr-util-mysql-debuginfo-1.6.1-6.el8_1.1.ppc64le.rpm
  • apr-util-odbc-1.6.1-6.el8_1.1.ppc64le.rpm
  • apr-util-odbc-debuginfo-1.6.1-6.el8_1.1.ppc64le.rpm
  • apr-util-openssl-1.6.1-6.el8_1.1.ppc64le.rpm
  • apr-util-openssl-debuginfo-1.6.1-6.el8_1.1.ppc64le.rpm
  • apr-util-pgsql-1.6.1-6.el8_1.1.ppc64le.rpm
  • apr-util-pgsql-debuginfo-1.6.1-6.el8_1.1.ppc64le.rpm
  • apr-util-sqlite-1.6.1-6.el8_1.1.ppc64le.rpm
  • apr-util-sqlite-debuginfo-1.6.1-6.el8_1.1.ppc64le.rpm

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.1

SRPM

  • apr-util-1.6.1-6.el8_1.1.src.rpm

x86_64

  • apr-util-1.6.1-6.el8_1.1.i686.rpm
  • apr-util-1.6.1-6.el8_1.1.x86_64.rpm
  • apr-util-bdb-1.6.1-6.el8_1.1.i686.rpm
  • apr-util-bdb-1.6.1-6.el8_1.1.x86_64.rpm
  • apr-util-bdb-debuginfo-1.6.1-6.el8_1.1.i686.rpm
  • apr-util-bdb-debuginfo-1.6.1-6.el8_1.1.x86_64.rpm
  • apr-util-debuginfo-1.6.1-6.el8_1.1.i686.rpm
  • apr-util-debuginfo-1.6.1-6.el8_1.1.x86_64.rpm
  • apr-util-debugsource-1.6.1-6.el8_1.1.i686.rpm
  • apr-util-debugsource-1.6.1-6.el8_1.1.x86_64.rpm
  • apr-util-devel-1.6.1-6.el8_1.1.i686.rpm
  • apr-util-devel-1.6.1-6.el8_1.1.x86_64.rpm
  • apr-util-ldap-1.6.1-6.el8_1.1.x86_64.rpm
  • apr-util-ldap-debuginfo-1.6.1-6.el8_1.1.i686.rpm
  • apr-util-ldap-debuginfo-1.6.1-6.el8_1.1.x86_64.rpm
  • apr-util-mysql-1.6.1-6.el8_1.1.x86_64.rpm
  • apr-util-mysql-debuginfo-1.6.1-6.el8_1.1.i686.rpm
  • apr-util-mysql-debuginfo-1.6.1-6.el8_1.1.x86_64.rpm
  • apr-util-odbc-1.6.1-6.el8_1.1.x86_64.rpm
  • apr-util-odbc-debuginfo-1.6.1-6.el8_1.1.i686.rpm
  • apr-util-odbc-debuginfo-1.6.1-6.el8_1.1.x86_64.rpm
  • apr-util-openssl-1.6.1-6.el8_1.1.i686.rpm
  • apr-util-openssl-1.6.1-6.el8_1.1.x86_64.rpm
  • apr-util-openssl-debuginfo-1.6.1-6.el8_1.1.i686.rpm
  • apr-util-openssl-debuginfo-1.6.1-6.el8_1.1.x86_64.rpm
  • apr-util-pgsql-1.6.1-6.el8_1.1.x86_64.rpm
  • apr-util-pgsql-debuginfo-1.6.1-6.el8_1.1.i686.rpm
  • apr-util-pgsql-debuginfo-1.6.1-6.el8_1.1.x86_64.rpm
  • apr-util-sqlite-1.6.1-6.el8_1.1.x86_64.rpm
  • apr-util-sqlite-debuginfo-1.6.1-6.el8_1.1.i686.rpm
  • apr-util-sqlite-debuginfo-1.6.1-6.el8_1.1.x86_64.rpm

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.

Related news

CVE-2023-30994: Security Bulletin: IBM QRadar SIEM includes components with known vulnerabilities

IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 254138

Red Hat Security Advisory 2023-3624-01

Red Hat Security Advisory 2023-3624-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include a denial of service vulnerability.

RHSA-2023:3495: Red Hat Security Advisory: Logging Subsystem 5.7.2 - Red Hat OpenShift security update

Logging Subsystem 5.7.2 - Red Hat OpenShift. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.
  • CVE-2023-27539: A denial of service vulnerability was found in rubygem-rack in how it parses headers. A carefully crafted input can cause header parsing to take an unexpe...

Red Hat Security Advisory 2023-3304-01

Red Hat Security Advisory 2023-3304-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.1. Issues addressed include denial of service and traversal vulnerabilities.

Red Hat Security Advisory 2023-3309-01

Red Hat Security Advisory 2023-3309-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.42. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-3287-01

Red Hat Security Advisory 2023-3287-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.19. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-3380-01

Red Hat Security Advisory 2023-3380-01 - The Apache Portable Runtime is a portability library used by the Apache HTTP Server and other projects. apr-util is a library which provides additional utility interfaces for APR; including support for XML parsing, LDAP, database interfaces, URI parsing, and more. Issues addressed include an out of bounds write vulnerability.

RHSA-2023:3354: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP2 security update

An update is now available for Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2 on Red Hat Enterprise Linux versions 7 and 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2006-20001: A flaw was found in the mod_dav module of httpd. A specially crafted "If:" request header can cause a memory read or write of a single zero byte due to a missing error check, resulting in a Denial of Service.
  • CVE-2022-4304: A timing-based side channel exists in the Open...

CVE-2023-28043: DSA-2023-164: Dell Secure Connect Gateway Security Update for Multiple Vulnerabilities

Dell SCG 5.14 contains an information disclosure vulnerability during the SRS to SCG upgrade path. A remote low privileged malicious user could potentially exploit this vulnerability to retrieve the plain text.

RHSA-2023:3380: Red Hat Security Advisory: apr-util security update

An update for apr-util is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-25147: A flaw was found in the Apache Portable Runtime Utility (APR-util) library. This issue may allow a malicious attacker to cause an out-of-bounds write due to an integer overflow when encodin...

RHSA-2023:3309: Red Hat Security Advisory: OpenShift Container Platform 4.11.42 bug fix and security update

Red Hat OpenShift Container Platform release 4.11.42 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2018-17419: The Miek Gieben DNS library is vulnerable to a denial of service caused by a segmentation violation in setTA in scan_rr.go. By persuading a victim to open a specially-crafted file, a...

RHSA-2023:3304: Red Hat Security Advisory: OpenShift Container Platform 4.13.1 bug fix and security update

Red Hat OpenShift Container Platform release 4.13.1 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2018-17419: The Miek Gieben DNS library is vulnerable to a denial of service caused by a segmentation violation in setTA in scan_rr.go. By persuading a victim to open a specially-crafted file, a ...

Red Hat Security Advisory 2023-3177-01

Red Hat Security Advisory 2023-3177-01 - The Apache Portable Runtime is a portability library used by the Apache HTTP Server and other projects. apr-util is a library which provides additional utility interfaces for APR; including support for XML parsing, LDAP, database interfaces, URI parsing, and more. Issues addressed include an out of bounds write vulnerability.

Red Hat Security Advisory 2023-3145-01

Red Hat Security Advisory 2023-3145-01 - The Apache Portable Runtime is a portability library used by the Apache HTTP Server and other projects. apr-util is a library which provides additional utility interfaces for APR; including support for XML parsing, LDAP, database interfaces, URI parsing, and more. Issues addressed include an out of bounds write vulnerability.

Red Hat Security Advisory 2023-3147-01

Red Hat Security Advisory 2023-3147-01 - The Apache Portable Runtime is a portability library used by the Apache HTTP Server and other projects. apr-util is a library which provides additional utility interfaces for APR; including support for XML parsing, LDAP, database interfaces, URI parsing, and more. Issues addressed include an out of bounds write vulnerability.

Red Hat Security Advisory 2023-3146-01

Red Hat Security Advisory 2023-3146-01 - The Apache Portable Runtime is a portability library used by the Apache HTTP Server and other projects. apr-util is a library which provides additional utility interfaces for APR; including support for XML parsing, LDAP, database interfaces, URI parsing, and more. Issues addressed include an out of bounds write vulnerability.

RHSA-2023:3145: Red Hat Security Advisory: apr-util security update

An update for apr-util is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-25147: A flaw was found in the Apache Portable Runtime (APR) library. This issue may allow a malicious attacker to cause an out-of-bounds write due to an integer overflow when encoding/decoding a very long string using the base64 family of functions.

RHSA-2023:3146: Red Hat Security Advisory: apr-util security update

An update for apr-util is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-25147: A flaw was found in the Apache Portable Runtime (APR) library. This issue may allow a malicious attacker to cause an out-of-bounds write due to an integer overflow when encoding/decoding a very long string using the base64 family of functions.

RHSA-2023:3109: Red Hat Security Advisory: apr-util security update

An update for apr-util is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-25147: A flaw was found in the Apache Portable Runtime (APR) library. This issue may allow a malicious attacker to cause an out-of-bounds write due to an integer overflow when encoding/decoding a very long string using the base64 family of functions.

Debian Security Advisory 5364-1

Debian Linux Security Advisory 5364-1 - Ronald Crane discovered that missing input sanitizing in the apr_base64 functions of apr-util, the Apache Portable Runtime utility library, may result in denial of service or potentially the execution of arbitrary code.

Ubuntu Security Notice USN-5870-1

Ubuntu Security Notice 5870-1 - Ronald Crane discovered that APR-util did not properly handle memory when encoding or decoding certain input data. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code.

CVE-2022-25147

Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime Utility (APR-util) 1.6.1 and prior versions.