MNBSD-2023-5: Wraparound in APR base64 encoding functions

Severity: Unknown

Affected Package: apr

Summary: Wraparound in APR base64 encoding functions

Description

Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime Utility (APR-util) 1.6.1 and prior versions.

Affected Versions

apr

Specific versions:

2.0.0
2.1.0
2.2.0
2.2.1
2.2.2
2.2.3
2.2.4
2.2.5
2.2.6
2.2.7
2.2.8

Recommendations

No specific recommendations provided.

References

https://nvd.nist.gov/vuln/detail/CVE-2022-25147
https://github.com/MidnightBSD/src/commit/da9ba1d57e45ea06c1f55b34361d58e0dcc9e931

Additional Information

Aliases: CVE-2022-25147

Published: April 09, 2023
Last Modified: April 09, 2023