Headline
RHSA-2023:3177: Red Hat Security Advisory: apr-util security update
An update for apr-util is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-25147: A flaw was found in the Apache Portable Runtime Utility (APR-util) library. This issue may allow a malicious attacker to cause an out-of-bounds write due to an integer overflow when encoding/decoding a very long string using the base64 family of functions.
Skip to navigation Skip to main content
Utilities
- Subscriptions
- Downloads
- Containers
- Support Cases
Infrastructure and Management
- Red Hat Enterprise Linux
- Red Hat Virtualization
- Red Hat Identity Management
- Red Hat Directory Server
- Red Hat Certificate System
- Red Hat Satellite
- Red Hat Subscription Management
- Red Hat Update Infrastructure
- Red Hat Insights
- Red Hat Ansible Automation Platform
Cloud Computing
- Red Hat OpenShift
- Red Hat CloudForms
- Red Hat OpenStack Platform
- Red Hat OpenShift Container Platform
- Red Hat OpenShift Data Science
- Red Hat OpenShift Online
- Red Hat OpenShift Dedicated
- Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Management for Kubernetes
- Red Hat Quay
- Red Hat CodeReady Workspaces
- Red Hat OpenShift Service on AWS
Storage
- Red Hat Gluster Storage
- Red Hat Hyperconverged Infrastructure
- Red Hat Ceph Storage
- Red Hat OpenShift Data Foundation
Runtimes
- Red Hat Runtimes
- Red Hat JBoss Enterprise Application Platform
- Red Hat Data Grid
- Red Hat JBoss Web Server
- Red Hat Single Sign On
- Red Hat support for Spring Boot
- Red Hat build of Node.js
- Red Hat build of Thorntail
- Red Hat build of Eclipse Vert.x
- Red Hat build of OpenJDK
- Red Hat build of Quarkus
Integration and Automation
- Red Hat Process Automation
- Red Hat Process Automation Manager
- Red Hat Decision Manager
All Products
Issued:
2023-05-17
Updated:
2023-05-17
RHSA-2023:3177 - Security Advisory
- Overview
- Updated Packages
Synopsis
Important: apr-util security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for apr-util is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The Apache Portable Runtime (APR) is a portability library used by the Apache HTTP Server and other projects. apr-util is a library which provides additional utility interfaces for APR; including support for XML parsing, LDAP, database interfaces, URI parsing, and more.
Security Fix(es):
- apr-util: out-of-bounds writes in the apr_base64 (CVE-2022-25147)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
Applications using the APR libraries, such as httpd, must be restarted for this update to take effect.
Affected Products
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.1 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.1 x86_64
Fixes
- BZ - 2169652 - CVE-2022-25147 apr-util: out-of-bounds writes in the apr_base64
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.1
SRPM
apr-util-1.6.1-6.el8_1.1.src.rpm
SHA-256: d9d3f4c6cc7f47d25c7b7cc816b6fc547caa6a8c832a923fc38f5fcc4c19cca6
ppc64le
apr-util-1.6.1-6.el8_1.1.ppc64le.rpm
SHA-256: 390f39e115b677cd4ff5cd95af968d1ad5490a3dbe21e079a3d140408d6f383e
apr-util-bdb-1.6.1-6.el8_1.1.ppc64le.rpm
SHA-256: ee341142932a47a6ef1c57eb7b321f26cd056cb8720a8f0c5bf1f9bdfd339053
apr-util-bdb-debuginfo-1.6.1-6.el8_1.1.ppc64le.rpm
SHA-256: 30c961daa2fcc95f98b25a758047b11c8e924df0fc417c8974714075eb53d12a
apr-util-debuginfo-1.6.1-6.el8_1.1.ppc64le.rpm
SHA-256: a52649a7ba87c7cb4bb1629d832c4972b4e6fcc3903891a0065e15ee92ee3a1a
apr-util-debugsource-1.6.1-6.el8_1.1.ppc64le.rpm
SHA-256: 10f9d659910550730c03626ddf1828601585a62bddb027b23a7cdee537aebfaa
apr-util-devel-1.6.1-6.el8_1.1.ppc64le.rpm
SHA-256: e48339b008f98f3dd3cafb0fd1a5cd77e6988332a3cf68c2f213a4889151cbce
apr-util-ldap-1.6.1-6.el8_1.1.ppc64le.rpm
SHA-256: 600248628954b14c7c9c2cf8845467298e6fc69f0349c8778b9011db7d575b88
apr-util-ldap-debuginfo-1.6.1-6.el8_1.1.ppc64le.rpm
SHA-256: 8a3f96043962c11ca2f92423cf1dae6f491a6680d33fb5b15280632ff6ecec3b
apr-util-mysql-1.6.1-6.el8_1.1.ppc64le.rpm
SHA-256: 74db785f799c1f79d0455ac61e0c712d28d351be98817b8e88a7a5b644f16b6b
apr-util-mysql-debuginfo-1.6.1-6.el8_1.1.ppc64le.rpm
SHA-256: 191afcd5742171f631e79885ef6c257cb0931020c8fe5481d754a486bc904c6b
apr-util-odbc-1.6.1-6.el8_1.1.ppc64le.rpm
SHA-256: 56f998976aaf6b4aaad0a60cac32daafaefaa354babeaa0ad1a2a4e1644f650e
apr-util-odbc-debuginfo-1.6.1-6.el8_1.1.ppc64le.rpm
SHA-256: 30ddaa6cd859ec64aaed213b0ad1b40e69b01d6ec54cecb2f39d456d3502703f
apr-util-openssl-1.6.1-6.el8_1.1.ppc64le.rpm
SHA-256: a025e21347448aca2502f23c0700ccee30904f02704ccceff481b11d7c99d767
apr-util-openssl-debuginfo-1.6.1-6.el8_1.1.ppc64le.rpm
SHA-256: 5a1f07875cb718cb07cc5ad9e1ff9f3c1d36035a51b6014cd195cd7d746e2dd3
apr-util-pgsql-1.6.1-6.el8_1.1.ppc64le.rpm
SHA-256: e091f34d173ef30d4906d4609c6e9691057b741c602a4686d0ce6508034d6fb1
apr-util-pgsql-debuginfo-1.6.1-6.el8_1.1.ppc64le.rpm
SHA-256: 8387245a157eab8e77915b15497fa7e7c619b3352ec7350756bd2744eae6051e
apr-util-sqlite-1.6.1-6.el8_1.1.ppc64le.rpm
SHA-256: bae6fca16d74c2b19f9a1a1de8ae985556a2ba29452401b61c0fe16c6d511b76
apr-util-sqlite-debuginfo-1.6.1-6.el8_1.1.ppc64le.rpm
SHA-256: 0be4ad13ff651f434e03bd57ebed57b24ae3c6148478b8af01e9df0c3c0a3b66
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.1
SRPM
apr-util-1.6.1-6.el8_1.1.src.rpm
SHA-256: d9d3f4c6cc7f47d25c7b7cc816b6fc547caa6a8c832a923fc38f5fcc4c19cca6
x86_64
apr-util-1.6.1-6.el8_1.1.i686.rpm
SHA-256: 8d2e877c35ecb1c92f90b9680213d769e2de1adf1ad432b864842d514ba6ae4e
apr-util-1.6.1-6.el8_1.1.x86_64.rpm
SHA-256: 8c6d97c7ab8820c35126a1941a5ea204409158474fc5f5c290c4912bd7f66332
apr-util-bdb-1.6.1-6.el8_1.1.i686.rpm
SHA-256: 134f95490bc7cb64f18a119eb3759500e270e2ee79a11d7065c08dc6619efab6
apr-util-bdb-1.6.1-6.el8_1.1.x86_64.rpm
SHA-256: b8b4bd989e64b236a09a21682543d68a205423c0a234d7fc95d76a1cdf5cf27f
apr-util-bdb-debuginfo-1.6.1-6.el8_1.1.i686.rpm
SHA-256: ce79c635fe46a4e1f102282b1fa107d540964504a5da2303b3eabd12d4580ed7
apr-util-bdb-debuginfo-1.6.1-6.el8_1.1.x86_64.rpm
SHA-256: ffddbd73acf548a7103384cfe1578e79f5533ac713c7fe3bb26cddcf6237eeda
apr-util-debuginfo-1.6.1-6.el8_1.1.i686.rpm
SHA-256: 76b3be3824befcbdb1b180dc09d466d534241c0de10b17e86fa046cba968dca3
apr-util-debuginfo-1.6.1-6.el8_1.1.x86_64.rpm
SHA-256: 10014580dafc15458a0fa75755a14a4eb6bd4dbddc96ce5cd0796f1fe1ff15a4
apr-util-debugsource-1.6.1-6.el8_1.1.i686.rpm
SHA-256: ce8ba8084053d5cf4c7aa9d2ded29ddd4e2d506568586795af465376a1469dd4
apr-util-debugsource-1.6.1-6.el8_1.1.x86_64.rpm
SHA-256: 27ef29c7ba97002310c5bab4f6a61288fc5fde13fce0963b74ee97065d400130
apr-util-devel-1.6.1-6.el8_1.1.i686.rpm
SHA-256: f9ec9cbd73bf1b66ac978c9111184bef8a034a37f3b9372af984d5a1c14ebcce
apr-util-devel-1.6.1-6.el8_1.1.x86_64.rpm
SHA-256: 05816f09342d79a6e4260d94cace954b4028853f3e1c783b1bb4f2d2957bd118
apr-util-ldap-1.6.1-6.el8_1.1.x86_64.rpm
SHA-256: 200976fe44b60ac68465368fc8f2fdc31c4851f1ab2d1a107858bc6c65f83f97
apr-util-ldap-debuginfo-1.6.1-6.el8_1.1.i686.rpm
SHA-256: 86aeb35ca898762e91a0f7b9135e1ace4a9def9d88a15237e0527ad56bcbde89
apr-util-ldap-debuginfo-1.6.1-6.el8_1.1.x86_64.rpm
SHA-256: 1ca0b841c184c20020f3e942f39e4238b8b6246e0e7847b47ae86bf00e2268b7
apr-util-mysql-1.6.1-6.el8_1.1.x86_64.rpm
SHA-256: 5f2bac489058b7238db448664d5cb05aae80b0c17026d05dca9254bb2a061e7b
apr-util-mysql-debuginfo-1.6.1-6.el8_1.1.i686.rpm
SHA-256: dfd7ffc4fe0824ad2c8396ecfbf05be2d1b066cc1da96d92029ab8451e21bbf0
apr-util-mysql-debuginfo-1.6.1-6.el8_1.1.x86_64.rpm
SHA-256: aafde6f37191ef07205b70bf120cd625fc416fe543091fd62493e803fbd4c361
apr-util-odbc-1.6.1-6.el8_1.1.x86_64.rpm
SHA-256: 9a8f766ecdad48605c9aab2e057b4a79ac067e045aad078b8ce022e796a459e2
apr-util-odbc-debuginfo-1.6.1-6.el8_1.1.i686.rpm
SHA-256: 6367d8dbca735e4b418a425b27bf677f78054c13ca4412af9f44ec178c75da1f
apr-util-odbc-debuginfo-1.6.1-6.el8_1.1.x86_64.rpm
SHA-256: 1d1a48c778d4050b27662affc506fbef8cbabc6652ded8e25f898abc669a2a11
apr-util-openssl-1.6.1-6.el8_1.1.i686.rpm
SHA-256: 2932095b4459de554221ce180fcf82792db1fc14643840b388eacf29eef13f26
apr-util-openssl-1.6.1-6.el8_1.1.x86_64.rpm
SHA-256: 2d5c69806476839343d07f0c8966e3e2e6e5f90d5152cd8983775e8540b19ec3
apr-util-openssl-debuginfo-1.6.1-6.el8_1.1.i686.rpm
SHA-256: 9a4bfc9b694234955d30b87c76ee41ed3570e26f13dca6d0802164f2ceafe582
apr-util-openssl-debuginfo-1.6.1-6.el8_1.1.x86_64.rpm
SHA-256: b06a1f7bcf2626ef5cc5927abce3f8152b21df6188f400ea282bcab1cf748637
apr-util-pgsql-1.6.1-6.el8_1.1.x86_64.rpm
SHA-256: 9e64e6b1fef1bc9500a613c9a270fd8e028fd0c31bf44429d6a5e6d00f91ced7
apr-util-pgsql-debuginfo-1.6.1-6.el8_1.1.i686.rpm
SHA-256: b87e625e79b6d322598a8f116c881123b3879a95b723ccf7e46107de649b103a
apr-util-pgsql-debuginfo-1.6.1-6.el8_1.1.x86_64.rpm
SHA-256: 41b037d3a8d394a54703be044a64125ba754c3ee8d45dcb0af6cedd139bc9a15
apr-util-sqlite-1.6.1-6.el8_1.1.x86_64.rpm
SHA-256: 1b6149f2d0f26b3016f6b0b6577d95bd60c4d825dd2c67f016293dad918fe78c
apr-util-sqlite-debuginfo-1.6.1-6.el8_1.1.i686.rpm
SHA-256: 41d282f50a97839e2282ce7034af86a8993245caa82844b3d8ffdd2dd2d73e5b
apr-util-sqlite-debuginfo-1.6.1-6.el8_1.1.x86_64.rpm
SHA-256: cd31c5ef5b390efc1ac17d464e12bd38438b481d3e0ccea27b0d3af968a061ad
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 254138
Red Hat Security Advisory 2023-3624-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include a denial of service vulnerability.
Logging Subsystem 5.7.2 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. * CVE-2023-27539: A denial of service vulnerability was found in rubygem-rack in how it parses headers. A carefully crafted input can cause header parsing to take an unexpe...
Red Hat Security Advisory 2023-3304-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.1. Issues addressed include denial of service and traversal vulnerabilities.
Red Hat Security Advisory 2023-3309-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.42. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-3287-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.19. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-3380-01 - The Apache Portable Runtime is a portability library used by the Apache HTTP Server and other projects. apr-util is a library which provides additional utility interfaces for APR; including support for XML parsing, LDAP, database interfaces, URI parsing, and more. Issues addressed include an out of bounds write vulnerability.
An update is now available for Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2 on Red Hat Enterprise Linux versions 7 and 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2006-20001: A flaw was found in the mod_dav module of httpd. A specially crafted "If:" request header can cause a memory read or write of a single zero byte due to a missing error check, resulting in a Denial of Service. * CVE-2022-4304: A timing-based side channel exists in the Open...
Dell SCG 5.14 contains an information disclosure vulnerability during the SRS to SCG upgrade path. A remote low privileged malicious user could potentially exploit this vulnerability to retrieve the plain text.
An update for apr-util is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-25147: A flaw was found in the Apache Portable Runtime Utility (APR-util) library. This issue may allow a malicious attacker to cause an out-of-bounds write due to an integer overflow when encodin...
Red Hat OpenShift Container Platform release 4.11.42 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2018-17419: The Miek Gieben DNS library is vulnerable to a denial of service caused by a segmentation violation in setTA in scan_rr.go. By persuading a victim to open a specially-crafted file, a...
Red Hat OpenShift Container Platform release 4.13.1 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2018-17419: The Miek Gieben DNS library is vulnerable to a denial of service caused by a segmentation violation in setTA in scan_rr.go. By persuading a victim to open a specially-crafted file, a ...
Red Hat Security Advisory 2023-3177-01 - The Apache Portable Runtime is a portability library used by the Apache HTTP Server and other projects. apr-util is a library which provides additional utility interfaces for APR; including support for XML parsing, LDAP, database interfaces, URI parsing, and more. Issues addressed include an out of bounds write vulnerability.
Red Hat Security Advisory 2023-3145-01 - The Apache Portable Runtime is a portability library used by the Apache HTTP Server and other projects. apr-util is a library which provides additional utility interfaces for APR; including support for XML parsing, LDAP, database interfaces, URI parsing, and more. Issues addressed include an out of bounds write vulnerability.
Red Hat Security Advisory 2023-3147-01 - The Apache Portable Runtime is a portability library used by the Apache HTTP Server and other projects. apr-util is a library which provides additional utility interfaces for APR; including support for XML parsing, LDAP, database interfaces, URI parsing, and more. Issues addressed include an out of bounds write vulnerability.
Red Hat Security Advisory 2023-3146-01 - The Apache Portable Runtime is a portability library used by the Apache HTTP Server and other projects. apr-util is a library which provides additional utility interfaces for APR; including support for XML parsing, LDAP, database interfaces, URI parsing, and more. Issues addressed include an out of bounds write vulnerability.
An update for apr-util is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-25147: A flaw was found in the Apache Portable Runtime (APR) library. This issue may allow a malicious attacker to cause an out-of-bounds write due to an integer overflow when encoding/decoding a very long string using the base64 family of functions.
An update for apr-util is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-25147: A flaw was found in the Apache Portable Runtime (APR) library. This issue may allow a malicious attacker to cause an out-of-bounds write due to an integer overflow when encoding/decoding a very long string using the base64 family of functions.
An update for apr-util is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-25147: A flaw was found in the Apache Portable Runtime (APR) library. This issue may allow a malicious attacker to cause an out-of-bounds write due to an integer overflow when encoding/decoding a very long string using the base64 family of functions.
Debian Linux Security Advisory 5364-1 - Ronald Crane discovered that missing input saniting in the apr_base64 functions of apr-util, the Apache Portable Runtime utility library, may result in denial of service or potentially the execution of arbitrary code.
Ubuntu Security Notice 5870-1 - Ronald Crane discovered that APR-util did not properly handled memory when encoding or decoding certain input data. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code.
Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime Utility (APR-util) 1.6.1 and prior versions.