| Bug ID | 1207866 |
|---|---|
| Summary | CVE-2022-25147 libapr-util1 <=1.6.1 buffer overflow possible with specially crafted input |
| Classification | openSUSE |
| Product | openSUSE Distribution |
| Version | Leap 15.4 |
| Hardware | Other |
| OS | Other |
| Status | NEW |
| Severity | Critical |
| Priority | P5 - None |
| Component | Security |
| Assignee | security-team@suse.de |
| Reporter | undergraver@gmail.com |
| QA Contact | qa-bugs@suse.de |
| Found By | --- |
| Blocker | --- |
I've checked the sources from apache and between 1.6.1 and 1.6.2 we have some clear differences in "encoding/apr_base64.c" Apache sources: https://apr.apache.org/anonsvn.html #~ rpm -qa | grep -i libapr libapr1-1.6.3-3.3.8.x86_64 libapr-util1-1.6.1-18.2.1.x86_64 #~ I also checked the source code and unfortunately the apr_base64.c is not patched. That means a patch or an update to newer version is necessary, possibly also the update of libapr1 library. Please let me know how can I help.