CVE-2017-12613: Buffer Overflow
APR. Multiple issues in Perl were addressed with improved memory handling.
Other sources
When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program termination, and may represent an information disclosure or denial of service vulnerability to applications which call these APR functions with unvalidated external input.
External References:
http://www.apache.org/dist/apr/Announcement1.x.html
— Red Hat
When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program termination, and may represent an information disclosure or denial of service vulnerability to applications which call these APR functions with unvalidated external input.
Peer vulnerabilities
Found alongside the following vulnerabilities.
- CVE-2018-4295
- CVE-2018-4410
- CVE-2018-4417
- CVE-2017-12613
- CVE-2017-12618
- CVE-2018-4411
- CVE-2018-4308
- CVE-2018-4468
- CVE-2018-4126
- CVE-2018-4415
- CVE-2018-4398
- CVE-2018-4412
- CVE-2018-4153
- CVE-2018-4406
- CVE-2018-4346
- CVE-2018-4403
- CVE-2018-4423
- CVE-2018-3639
- CVE-2018-4342
- CVE-2018-4304
- CVE-2018-4426
- CVE-2018-4331
- CVE-2018-3646
- CVE-2018-4242
- CVE-2018-4394
- CVE-2018-4334
- CVE-2018-4396
- CVE-2018-4418
- CVE-2018-4350
- CVE-2018-4421
- CVE-2018-4422
- CVE-2018-4408
- CVE-2018-4402
- CVE-2018-4341
- CVE-2018-4354
- CVE-2018-4401
- CVE-2018-4371
- CVE-2018-4420
- CVE-2018-4399
- CVE-2018-4340
- CVE-2018-4419
- CVE-2018-4425
- CVE-2018-4259
- CVE-2018-4286
- CVE-2018-4287
- CVE-2018-4288
- CVE-2018-4291
- CVE-2018-4413
- CVE-2018-4407
- CVE-2018-4424
- CVE-2018-4187
- CVE-2018-4348
- CVE-2018-4389
- CVE-2018-4326
- CVE-2018-4310
- CVE-2018-3640
- CVE-2018-4369
- CVE-2018-6797
- CVE-2017-0898
- CVE-2017-10784
- CVE-2017-14033
- CVE-2017-14064
- CVE-2017-17405
- CVE-2017-17742
- CVE-2018-6914
- CVE-2018-8777
- CVE-2018-8778
- CVE-2018-8779
- CVE-2018-8780
- CVE-2018-4400
- CVE-2018-4395
- CVE-2018-4393
- CVE-2018-4203
- CVE-2018-4368
- CVE-2018-5383
- CVE-2018-4324
- CVE-2018-4353
- CVE-2018-4321
- CVE-2018-4414
- CVE-2018-4347
- CVE-2018-4333
- CVE-2018-4296
- CVE-2018-4433
- CVE-2019-8643
- CVE-2017-5731
- CVE-2017-5732
- CVE-2017-5733
- CVE-2017-5734
- CVE-2017-5735
- CVE-2018-4332
- CVE-2018-4343
- CVE-2018-4355
- CVE-2018-4351
- CVE-2018-4451
- CVE-2018-4456
- CVE-2018-4383
- CVE-2018-4336
- CVE-2018-4337
- CVE-2018-4344
- CVE-2015-3194
- CVE-2015-5333
- CVE-2015-5334
- CVE-2016-0702
- CVE-2016-1777
- CVE-2018-4338
Frequently Asked Questions
What is CVE-2017-12613?
CVE-2017-12613 is a vulnerability in Apache Portable Runtime (APR) that allows for out of bounds memory access when certain functions are invoked with an invalid month field value.
How severe is CVE-2017-12613?
CVE-2017-12613 has a severity rating of high, with a severity value of 7.
What software is affected by CVE-2017-12613?
The vulnerability affects APR version 1.6.2 and prior. It also affects various versions of macOS Mojave, Apple High Sierra, Apple Sierra, Debian Linux, Red Hat JBoss Enterprise Web Server, and Red Hat Software Collections.
How can the CVE-2017-12613 vulnerability be fixed?
To fix the CVE-2017-12613 vulnerability, update Apache Portable Runtime to version 1.6.3.
Where can I find more information about CVE-2017-12613?
More information about CVE-2017-12613 can be found on the Apache website, the Red Hat Bugzilla page, and the Apache Subversion repository.