---------- Forwarded message --------- From: Eric Covener <cove...@apache.org> Date: Tue, Jan 31, 2023 at 10:13 AM Subject: CVE-2022-25147: Apache Portable Runtime (APR): out-of-bounds writes in the apr_base64 family of functions To: <annou...@apache.org>, <priv...@apr.apache.org>
Severity: moderate Description: Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util) allows an attacker to write beyond bounds of a buffer.\nThis issue affects Apache Portable Runtime Utility (APR-util) 1.6.1 and prior versions. Credit: Ronald Crane (Zippenhop LLC) (reporter) References: https://apr.apache.org/ https://www.cve.org/CVERecord?id=CVE-2022-25147 -- Eric Covener cove...@gmail.com