Integer Overflow or Wraparound vulnerability in apr_encode functions of Apache Portable Runtime (APR) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime (APR) version 1.7.0. https://lists.apache.org/thread/fw9p6sdncwsjkstwc066vz57xqzfksq9
References: https://lists.apache.org/thread/fw9p6sdncwsjkstwc066vz57xqzfksq9 https://svn.apache.org/viewvc?view=revision&revision=1902281 https://github.com/apache/apr/commit/622905ddfa7b45dfca350e13442892de3c1f48e9
Created apr-util tracking bugs for this issue: Affects: fedora-all [bug 2172554]
This issue has been addressed in the following products: Red Hat JBoss Core Services Via RHSA-2023:4628 https://access.redhat.com/errata/RHSA-2023:4628
This issue has been addressed in the following products: JBoss Core Services on RHEL 7 JBoss Core Services for RHEL 8 Via RHSA-2023:4629 https://access.redhat.com/errata/RHSA-2023:4629
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-24963
This issue has been addressed in the following products: Red Hat JBoss Web Server 5.7 on RHEL 7 Red Hat JBoss Web Server 5.7 on RHEL 8 Red Hat JBoss Web Server 5.7 on RHEL 9 Via RHSA-2023:4909 https://access.redhat.com/errata/RHSA-2023:4909
This issue has been addressed in the following products: JWS 5.7.4 release Via RHSA-2023:4910 https://access.redhat.com/errata/RHSA-2023:4910
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:7711 https://access.redhat.com/errata/RHSA-2023:7711