CVE-2017-12613

7.1 HIGH

Published: October 24, 2017 Modified: May 13, 2026

Description

When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program termination, and may represent an information disclosure or denial of service vulnerability to applications which call these APR functions with unvalidated external input.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://www.apache.org/dist/apr/Announcement1.x.html

Source: security@apache.org

Release Notes Vendor Advisory

http://www.openwall.com/lists/oss-security/2021/08/23/1

Source: security@apache.org

Mailing List Third Party Advisory

http://www.securityfocus.com/bid/101560

Source: security@apache.org

Broken Link

http://www.securitytracker.com/id/1042004

Source: security@apache.org

Third Party Advisory VDB Entry

https://access.redhat.com/errata/RHSA-2017:3270

Source: security@apache.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2017:3475

Source: security@apache.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2017:3476

Source: security@apache.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2017:3477

Source: security@apache.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:0316

Source: security@apache.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:0465

Source: security@apache.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:0466

Source: security@apache.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1253

Source: security@apache.org

Third Party Advisory

https://lists.apache.org/thread.html/12489f2e4a9f9d390235c16298aca0d20658789de80d553513977f13%40%3Cannounce.apache.org%3E

Source: security@apache.org

Issue Tracking Vendor Advisory

https://lists.apache.org/thread.html/r270dd5022db194b78acaf509216a33c85f3da43757defa05cc766339%40%3Ccommits.apr.apache.org%3E

Source: security@apache.org

https://lists.apache.org/thread.html/ra2868b53339a6af65577146ad87016368c138388b09bff9d2860f50e%40%3Cdev.apr.apache.org%3E

Source: security@apache.org

https://lists.apache.org/thread.html/ra38094406cc38a05218ebd1158187feda021b0c3a1df400bbf296af8%40%3Cdev.apr.apache.org%3E

Source: security@apache.org

https://lists.apache.org/thread.html/rb1f3c85f50fbd924a0051675118d1609e57957a02ece7facb723155b%40%3Cannounce.apache.org%3E

Source: security@apache.org

https://lists.apache.org/thread.html/rcc48a0acebbd74bbdeebc02ff228bb72c0631b21823fffe27d4691e9%40%3Ccommits.apr.apache.org%3E

Source: security@apache.org

https://lists.debian.org/debian-lts-announce/2017/11/msg00005.html

Source: security@apache.org

Mailing List Third Party Advisory

https://lists.debian.org/debian-lts-announce/2022/01/msg00023.html

Source: security@apache.org

Mailing List Third Party Advisory

https://svn.apache.org/viewvc?view=revision&revision=1807976

Source: security@apache.org

Issue Tracking Third Party Advisory

http://www.apache.org/dist/apr/Announcement1.x.html