[Bug 1207866] New: CVE-2022-25147 libapr-util1 <=1.6.1 buffer overflow possible with specially crafted input
https://bugzilla.suse.com/show_bug.cgi?id=1207866 Bug ID: 1207866 Summary: CVE-2022-25147 libapr-util1 <=1.6.1 buffer overflow possible with specially crafted input Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.4 Hardware: Other OS: Other Status: NEW Severity: Critical Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: undergraver@gmail.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- I've checked the sources from apache and between 1.6.1 and 1.6.2 we have some clear differences in "encoding/apr_base64.c" Apache sources: https://apr.apache.org/anonsvn.html #~ rpm -qa | grep -i libapr libapr1-1.6.3-3.3.8.x86_64 libapr-util1-1.6.1-18.2.1.x86_64 #~ I also checked the source code and unfortunately the apr_base64.c is not patched. That means a patch or an update to newer version is necessary, possibly also the update of libapr1 library. Please let me know how can I help. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1207866 https://bugzilla.suse.com/show_bug.cgi?id=1207866#c1 --- Comment #1 from Iulian Serbanoiu <undergraver@gmail.com> --- CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-25147 -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1207866 Maintenance Automation <maint-coord+maintenance-robot@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P3 - Medium -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1207866 Stoyan Manolov <stoyan.manolov@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |stoyan.manolov@suse.com -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1207866 Stoyan Manolov <stoyan.manolov@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |david.anes@suse.com Flags| |needinfo?(david.anes@suse.c | |om) -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1207866 SMASH SMASH <smash_bz@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard| |CVSSv3.1:SUSE:CVE-2022-2514 | |7:9.8:(AV:N/AC:L/PR:N/UI:N/ | |S:U/C:H/I:H/A:H) -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1207866 https://bugzilla.suse.com/show_bug.cgi?id=1207866#c5 David Anes <david.anes@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |IN_PROGRESS --- Comment #5 from David Anes <david.anes@suse.com> --- This is the change that needs to be backported for previous versions: * https://svn.apache.org/viewvc?view=revision&revision=1904728 -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@suse.com