Bug 2169652 (CVE-2022-25147) - CVE-2022-25147 apr-util: out-of-bounds writes in the apr_base64
Summary: CVE-2022-25147 apr-util: out-of-bounds writes in the apr_base64
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2022-25147
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
: 2186440 (view as bug list)
Depends On: 2169657 2169658 2193499 2196120 2196568 2196569 2196570 2196571 2196572 2196573 2196574 2196575 2196576
Blocks: 2166092
TreeView+ depends on / blocked
 
Reported: 2023-02-14 08:18 UTC by TEJ RATHI
Modified: 2023-06-08 06:38 UTC (History)
17 users (show)

Fixed In Version: apr-util 1.6.2
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the Apache Portable Runtime Utility (APR-util) library. This issue may allow a malicious attacker to cause an out-of-bounds write due to an integer overflow when encoding/decoding a very long string using the base64 family of functions.
Clone Of:
Environment:
Last Closed: 2023-06-05 18:20:12 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2023:3176 0 None None None 2023-05-17 12:08:01 UTC
Red Hat Product Errata RHBA-2023:3240 0 None None None 2023-05-22 02:08:20 UTC
Red Hat Product Errata RHBA-2023:3241 0 None None None 2023-05-22 02:48:46 UTC
Red Hat Product Errata RHBA-2023:3527 0 None None None 2023-06-07 08:38:50 UTC
Red Hat Product Errata RHBA-2023:3535 0 None None None 2023-06-08 06:38:03 UTC
Red Hat Product Errata RHSA-2023:3109 0 None None None 2023-05-16 10:45:54 UTC
Red Hat Product Errata RHSA-2023:3145 0 None None None 2023-05-16 19:30:04 UTC
Red Hat Product Errata RHSA-2023:3146 0 None None None 2023-05-16 19:27:27 UTC
Red Hat Product Errata RHSA-2023:3147 0 None None None 2023-05-16 19:32:00 UTC
Red Hat Product Errata RHSA-2023:3177 0 None None None 2023-05-17 12:34:37 UTC
Red Hat Product Errata RHSA-2023:3178 0 None None None 2023-05-17 12:38:57 UTC
Red Hat Product Errata RHSA-2023:3354 0 None None None 2023-06-05 11:51:09 UTC
Red Hat Product Errata RHSA-2023:3355 0 None None None 2023-06-05 11:47:20 UTC
Red Hat Product Errata RHSA-2023:3360 0 None None None 2023-05-31 08:44:46 UTC
Red Hat Product Errata RHSA-2023:3380 0 None None None 2023-05-31 14:14:25 UTC

Description TEJ RATHI 2023-02-14 08:18:07 UTC 
Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime Utility (APR-util) 1.6.1 and prior versions.

https://lists.apache.org/thread/np5gjqlohc4f62lr09vrn61vl44cylh8
Comment 2 TEJ RATHI 2023-02-14 08:57:36 UTC 
References:

https://lists.apache.org/thread/np5gjqlohc4f62lr09vrn61vl44cylh8
https://svn.apache.org/viewvc?view=revision&revision=1902206
https://github.com/apache/apr/commit/850cc4f69639ac9f1c1c9767efaf4883ee3217ce
Comment 8 Guilherme de Almeida Suckevicz 2023-05-05 20:55:54 UTC 
Created apr-util tracking bugs for this issue:

Affects: fedora-all [bug 2193499]
Comment 10 Joe Orton 2023-05-09 08:57:38 UTC 
*** Bug 2186440 has been marked as a duplicate of this bug. ***
Comment 14 errata-xmlrpc 2023-05-16 10:45:52 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:3109 https://access.redhat.com/errata/RHSA-2023:3109
Comment 15 errata-xmlrpc 2023-05-16 19:27:25 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:3146 https://access.redhat.com/errata/RHSA-2023:3146
Comment 16 errata-xmlrpc 2023-05-16 19:30:01 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2023:3145 https://access.redhat.com/errata/RHSA-2023:3145
Comment 17 errata-xmlrpc 2023-05-16 19:31:58 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:3147 https://access.redhat.com/errata/RHSA-2023:3147
Comment 18 errata-xmlrpc 2023-05-17 12:34:35 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:3177 https://access.redhat.com/errata/RHSA-2023:3177
Comment 19 errata-xmlrpc 2023-05-17 12:38:54 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:3178 https://access.redhat.com/errata/RHSA-2023:3178
Comment 20 errata-xmlrpc 2023-05-31 08:44:44 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2023:3360 https://access.redhat.com/errata/RHSA-2023:3360
Comment 21 errata-xmlrpc 2023-05-31 14:14:23 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:3380 https://access.redhat.com/errata/RHSA-2023:3380
Comment 22 errata-xmlrpc 2023-06-05 11:47:18 UTC 
This issue has been addressed in the following products:

  JBCS httpd 2.4.51.sp2

Via RHSA-2023:3355 https://access.redhat.com/errata/RHSA-2023:3355
Comment 23 errata-xmlrpc 2023-06-05 11:51:07 UTC 
This issue has been addressed in the following products:

  JBoss Core Services on RHEL 7
  JBoss Core Services for RHEL 8

Via RHSA-2023:3354 https://access.redhat.com/errata/RHSA-2023:3354
Comment 24 Product Security DevOps Team 2023-06-05 18:20:09 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-25147
Note You need to log in before you can comment on or make changes to this bug.