Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime Utility (APR-util) 1.6.1 and prior versions.
References:
https://lists.apache.org/thread/np5gjqlohc4f62lr09vrn61vl44cylh8
https://svn.apache.org/viewvc?view=revision&revision=1902206
https://github.com/apache/apr/commit/850cc4f69639ac9f1c1c9767efaf4883ee3217ce
Created apr-util tracking bugs for this issue: Affects: fedora-all [bug 2193499]
*** Bug 2186440 has been marked as a duplicate of this bug. ***
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:3109 https://access.redhat.com/errata/RHSA-2023:3109
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2023:3146 https://access.redhat.com/errata/RHSA-2023:3146
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2023:3145 https://access.redhat.com/errata/RHSA-2023:3145
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:3147 https://access.redhat.com/errata/RHSA-2023:3147
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2023:3177 https://access.redhat.com/errata/RHSA-2023:3177
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2023:3178 https://access.redhat.com/errata/RHSA-2023:3178
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2023:3360 https://access.redhat.com/errata/RHSA-2023:3360
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Advanced Update Support; Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions; Red Hat Enterprise Linux 8.2 Telecommunications Update Service Via RHSA-2023:3380 https://access.redhat.com/errata/RHSA-2023:3380
This issue has been addressed in the following products: JBCS httpd 2.4.51.sp2 Via RHSA-2023:3355 https://access.redhat.com/errata/RHSA-2023:3355
This issue has been addressed in the following products: JBoss Core Services on RHEL 7; JBoss Core Services for RHEL 8 Via RHSA-2023:3354 https://access.redhat.com/errata/RHSA-2023:3354
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-25147