CVE-2021-35940
Published: 23 August 2021
An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix for this issue was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 regressed compared to 1.6.3 and is vulnerable to the same issue.
Notes
Author | Note |
---|---|
leosilva | the fix was removed in 1.7.x branches, but it is addressed in 1.6.x and later. xenial and trusty/esm are affected. |
Priority
Status
Package | Release | Status |
---|---|---|
apr Launchpad, Ubuntu, Debian |
hirsute |
Released
(1.7.0-6ubuntu0.1)
|
trusty |
Released
(1.5.0-1ubuntu0.1~esm1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
bionic |
Not vulnerable
|
|
focal |
Not vulnerable
|
|
impish |
Released
(1.7.0-6ubuntu1)
|
|
jammy |
Released
(1.7.0-6ubuntu1)
|
|
xenial |
Released
(1.5.2-3ubuntu0.1~esm1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
upstream |
Released
(1.7.0-7)
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.1 |
Attack vector | Local |
Attack complexity | Low |
Privileges required | Low |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | None |
Availability impact | High |
Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35940
- https://www.openwall.com/lists/oss-security/2021/08/23/1
- http://svn.apache.org/viewvc?view=revision&revision=1891198
- https://dist.apache.org/repos/dist/release/apr/patches/apr-1.7.0-CVE-2021-35940.patch
- http://mail-archives.apache.org/mod_mbox/www-announce/201710.mbox/%3CCACsi251B8UaLvM-rrH9fv57-zWi0zhyF3275_jPg1a9VEVVoxw@mail.gmail.com%3E
- https://lists.apache.org/thread.html/ra2868b53339a6af65577146ad87016368c138388b09bff9d2860f50e%40%3Cdev.apr.apache.org%3E
- http://www.openwall.com/lists/oss-security/2021/08/23/1
- https://lists.apache.org/thread.html/ra2868b53339a6af65577146ad87016368c138388b09bff9d2860f50e@%3Cdev.apr.apache.org%3E
- https://lists.apache.org/thread.html/rb1f3c85f50fbd924a0051675118d1609e57957a02ece7facb723155b@%3Cannounce.apache.org%3E
- https://ubuntu.com/security/notices/USN-5056-1
- NVD
- Launchpad
- Debian