[Debian] CVE: CVE-2022-24963: apr: Integer Overflow or Wraparound vulnerability
Bug #2012866 reported by
Yue Tao
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
StarlingX |
Fix Released
|
High
|
ZhangXiao |
Bug Description
CVE-2022-24963: https:/
Integer Overflow or Wraparound vulnerability in apr_encode functions of Apache Portable Runtime (APR) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime (APR) version 1.7.0.
Score:
cve_id status cvss3Score av ac pr ui ai
CVE-2022-24963 fixed 9.8 N L N N H
References:
['libapr1_
CVE References
information type: | Public → Public Security |
Changed in starlingx: | |
status: | New → Triaged |
importance: | Undecided → High |
tags: | added: stx.9.0 stx.security |
Changed in starlingx: | |
assignee: | nobody → ZhangXiao (zhangxiao-windriver) |
Changed in starlingx: | |
assignee: | ZhangXiao (zhangxiao-windriver) → nobody |
Changed in starlingx: | |
assignee: | nobody → ZhangXiao (zhangxiao-windriver) |
To post a comment you must log in.
Fix proposed to branch: master /review. opendev. org/c/starlingx /tools/ +/879341
Review: https:/