Bug 1506532 (CVE-2017-12618) - CVE-2017-12618 apr-util: Out-of-bounds access in corrupted SDBM database
Summary: CVE-2017-12618 apr-util: Out-of-bounds access in corrupted SDBM database
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2017-12618
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1506535 1506922 1506923
Blocks: 1506539
TreeView+ depends on / blocked
 
Reported: 2017-10-26 09:39 UTC by Andrej Nemec
Modified: 2021-10-21 11:57 UTC (History)
31 users (show)

Fixed In Version: apr-util 1.6.1
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-10-21 11:57:28 UTC
Embargoed:

Attachments (Terms of Use)

Description Andrej Nemec 2017-10-26 09:39:32 UTC 
Apache Portable Runtime Utility (APR-util) 1.6.0 and prior fail to validate the integrity of SDBM database files used by apr_sdbm*() functions, resulting in a possible out of bound read access. A local user with write access to the database can make a program or process using these functions crash, and cause a denial of service.

External References:

http://www.apache.org/dist/apr/Announcement1.x.html
Comment 1 Andrej Nemec 2017-10-26 09:40:11 UTC 
Created apr-util tracking bugs for this issue:

Affects: fedora-all [bug 1506535]
Comment 7 Joshua Padman 2019-08-06 04:24:30 UTC 
This vulnerability is out of security support scope for the following product:
 * Red Hat JBoss Core Services

Please refer to https://access.redhat.com/support/policy/updates/jboss_notes for more details.
Note You need to log in before you can comment on or make changes to this bug.