Apache Portable Runtime Utility (APR-util) 1.6.0 and prior fail to validate the integrity of SDBM database files used by apr_sdbm*() functions, resulting in a possible out of bound read access. A local user with write access to the database can make a program or process using these functions crash, and cause a denial of service. External References: http://www.apache.org/dist/apr/Announcement1.x.html
Created apr-util tracking bugs for this issue: Affects: fedora-all [bug 1506535]
This vulnerability is out of security support scope for the following product: * Red Hat JBoss Core Services Please refer to https://access.redhat.com/support/policy/updates/jboss_notes for more details.