CVE-2022-24963

2023-01-3116:15:08

CWE-190

[email protected]

web.nvd.nist.gov

116

cve

2022

24963

integer overflow

wraparound

apr_encode

apache portable runtime

apr

nvd

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.2 High

AI Score

Confidence

High

0.059 Low

EPSS

Percentile

93.5%

JSON

Integer Overflow or Wraparound vulnerability in apr_encode functions of Apache Portable Runtime (APR) allows an attacker to write beyond bounds of a buffer.
This issue affects Apache Portable Runtime (APR) version 1.7.0.

Affected configurations

Vulners

NVD

Node

apacheportable_runtimeRange≤1.7.0

CPENameOperatorVersion
apache:portable_runtimeapache portable runtimeeq1.7.0

CPE	Name	Operator	Version
apache:portable_runtime	apache portable runtime	eq	1.7.0

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Apache Portable Runtime (APR)",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "status": "affected",
        "version": "1.7.0"
      }
    ]
  }
]