CVE-2017-12613: Buffer Overflow
First published: Tue Oct 24 2017(Updated: )
APR. Multiple issues in Perl were addressed with improved memory handling.
Credit: Craig Young Tripwire VERT security@apache.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/apr | <1.6.3 | 1.6.3 |
| macOS Mojave | <10.14.1 | 10.14.1 |
| macOS High Sierra | ||
| macOS High Sierra | ||
| macOS Mojave | <10.14 | 10.14 |
| Apache Portable Runtime | <1.7.0 | |
| Debian Linux | =7.0 | |
| Debian Linux | =9.0 | |
| Red Hat JBoss Core Services | ||
| Red Hat JBoss Core Services | =1.0 | |
| Red Hat JBoss Enterprise Web Server | =3.0.0 | |
| Red Hat Software Collections | =1.0 | |
| Red Hat Enterprise Linux Desktop | =6.0 | |
| Red Hat Enterprise Linux Desktop | =7.0 | |
| Red Hat Enterprise Linux Server EUS | =6.7 | |
| Red Hat Enterprise Linux Server EUS | =7.3 | |
| Red Hat Enterprise Linux Server EUS | =7.4 | |
| Red Hat Enterprise Linux Server EUS | =7.5 | |
| Red Hat Enterprise Linux Server EUS | =7.6 | |
| Red Hat Enterprise Linux Server EUS | =7.7 | |
| Red Hat Enterprise Linux Server | =6.0 | |
| Red Hat Enterprise Linux Server | =7.0 | |
| Red Hat Enterprise Linux Server | =6.4 | |
| Red Hat Enterprise Linux Server | =6.5 | |
| Red Hat Enterprise Linux Server | =6.6 | |
| Red Hat Enterprise Linux Server | =7.2 | |
| Red Hat Enterprise Linux Server | =7.3 | |
| Red Hat Enterprise Linux Server | =7.4 | |
| Red Hat Enterprise Linux Server | =7.6 | |
| Red Hat Enterprise Linux Server | =7.7 | |
| Red Hat Enterprise Linux Server | =6.6 | |
| Red Hat Enterprise Linux Server | =7.2 | |
| Red Hat Enterprise Linux Server | =7.3 | |
| Red Hat Enterprise Linux Server | =7.4 | |
| Red Hat Enterprise Linux Server | =7.6 | |
| Red Hat Enterprise Linux Server | =7.7 | |
| Red Hat Enterprise Linux Workstation | =6.0 | |
| Red Hat Enterprise Linux Workstation | =7.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT209139 (Advisory)
- https://support.apple.com/en-us/HT209193 (Advisory)
- http://www.apache.org/dist/apr/Announcement1.x.html
- http://www.openwall.com/lists/oss-security/2021/08/23/1
- http://www.securityfocus.com/bid/101560
- http://www.securitytracker.com/id/1042004
- https://access.redhat.com/errata/RHSA-2017:3270
- https://access.redhat.com/errata/RHSA-2017:3475
- https://access.redhat.com/errata/RHSA-2017:3476
- https://access.redhat.com/errata/RHSA-2017:3477
- https://access.redhat.com/errata/RHSA-2018:0316
- https://access.redhat.com/errata/RHSA-2018:0465
- https://access.redhat.com/errata/RHSA-2018:0466
- https://access.redhat.com/errata/RHSA-2018:1253
- https://lists.apache.org/thread.html/12489f2e4a9f9d390235c16298aca0d20658789de80d553513977f13%40%3Cannounce.apache.org%3E
- https://lists.apache.org/thread.html/r270dd5022db194b78acaf509216a33c85f3da43757defa05cc766339@%3Ccommits.apr.apache.org%3E
- https://lists.apache.org/thread.html/ra2868b53339a6af65577146ad87016368c138388b09bff9d2860f50e@%3Cdev.apr.apache.org%3E
- https://lists.apache.org/thread.html/ra38094406cc38a05218ebd1158187feda021b0c3a1df400bbf296af8@%3Cdev.apr.apache.org%3E
- https://lists.apache.org/thread.html/rb1f3c85f50fbd924a0051675118d1609e57957a02ece7facb723155b@%3Cannounce.apache.org%3E
- https://lists.apache.org/thread.html/rcc48a0acebbd74bbdeebc02ff228bb72c0631b21823fffe27d4691e9@%3Ccommits.apr.apache.org%3E
- https://lists.debian.org/debian-lts-announce/2017/11/msg00005.html
- https://lists.debian.org/debian-lts-announce/2022/01/msg00023.html
- https://svn.apache.org/viewvc?view=revision&revision=1807976
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1506524
- https://svn.apache.org/viewvc?view=revision&revision=1807975
- https://bugzilla.redhat.com/show_bug.cgi?id=1506523
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2018-4295
- CVE-2018-4410
- CVE-2018-4417
- CVE-2017-12613
- CVE-2017-12618
- CVE-2018-4411
- CVE-2018-4308
- CVE-2018-4468
- CVE-2018-4126
- CVE-2018-4415
- CVE-2018-4398
- CVE-2018-4412
- CVE-2018-4153
- CVE-2018-4406
- CVE-2018-4346
- CVE-2018-4403
- CVE-2018-4423
- CVE-2018-3639
- CVE-2018-4342
- CVE-2018-4304
- CVE-2018-4426
- CVE-2018-4331
- CVE-2018-3646
- CVE-2018-4242
- CVE-2018-4394
- CVE-2018-4334
- CVE-2018-4396
- CVE-2018-4418
- CVE-2018-4350
- CVE-2018-4421
- CVE-2018-4422
- CVE-2018-4408
- CVE-2018-4402
- CVE-2018-4341
- CVE-2018-4354
- CVE-2018-4401
- CVE-2018-4371
- CVE-2018-4420
- CVE-2018-4399
- CVE-2018-4340
- CVE-2018-4419
- CVE-2018-4425
- CVE-2018-4259
- CVE-2018-4286
- CVE-2018-4287
- CVE-2018-4288
- CVE-2018-4291
- CVE-2018-4413
- CVE-2018-4407
- CVE-2018-4424
- CVE-2018-4187
- CVE-2018-4348
- CVE-2018-4389
- CVE-2018-4326
- CVE-2018-4310
- CVE-2018-3640
- CVE-2018-4369
- CVE-2018-6797
- CVE-2017-0898
- CVE-2017-10784
- CVE-2017-14033
- CVE-2017-14064
- CVE-2017-17405
- CVE-2017-17742
- CVE-2018-6914
- CVE-2018-8777
- CVE-2018-8778
- CVE-2018-8779
- CVE-2018-8780
- CVE-2018-4400
- CVE-2018-4395
- CVE-2018-4393
- CVE-2018-4203
- CVE-2018-4368
- CVE-2018-5383
- CVE-2018-4324
- CVE-2018-4353
- CVE-2018-4321
- CVE-2018-4414
- CVE-2018-4347
- CVE-2018-4333
- CVE-2018-4296
- CVE-2018-4433
- CVE-2019-8643
- CVE-2017-5731
- CVE-2017-5732
- CVE-2017-5733
- CVE-2017-5734
- CVE-2017-5735
- CVE-2018-4332
- CVE-2018-4343
- CVE-2018-4355
- CVE-2018-4351
- CVE-2018-4451
- CVE-2018-4456
- CVE-2018-4383
- CVE-2018-4336
- CVE-2018-4337
- CVE-2018-4344
- CVE-2015-3194
- CVE-2015-5333
- CVE-2015-5334
- CVE-2016-0702
- CVE-2016-1777
- CVE-2018-4338
Frequently Asked Questions
What is CVE-2017-12613?
CVE-2017-12613 is a vulnerability in Apache Portable Runtime (APR) that allows for out of bounds memory access when certain functions are invoked with an invalid month field value.
How severe is CVE-2017-12613?
CVE-2017-12613 has a severity rating of high, with a severity value of 7.
What software is affected by CVE-2017-12613?
The vulnerability affects APR version 1.6.2 and prior. It also affects various versions of macOS Mojave, Apple High Sierra, Apple Sierra, Debian Linux, Redhat Jboss Enterprise Web Server, and Redhat Software Collections.
How can the CVE-2017-12613 vulnerability be fixed?
To fix the CVE-2017-12613 vulnerability, update Apache Portable Runtime to version 1.6.3.
Where can I find more information about CVE-2017-12613?
More information about CVE-2017-12613 can be found on the Apache website, the Red Hat Bugzilla page, and the Apache Subversion repository.
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/remedy
- agent/severity
- agent/weakness
- agent/references
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2017-12613
- agent/software-canonical-lookup
- agent/event
- agent/description
- agent/trending
- agent/source
- agent/author
- collector/apple-support
- alias/CVE-2017-12618
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- package-manager/redhat
- vendor/apple
- canonical/macos mojave
- canonical/macos high sierra
- vendor/apache
- canonical/apache portable runtime
- vendor/debian
- canonical/debian linux
- version/debian linux/7.0
- version/debian linux/9.0
- vendor/redhat
- canonical/red hat jboss core services
- version/red hat jboss core services/1.0
- canonical/red hat jboss enterprise web server
- version/red hat jboss enterprise web server/3.0.0
- canonical/red hat software collections
- version/red hat software collections/1.0
- canonical/red hat enterprise linux desktop
- version/red hat enterprise linux desktop/6.0
- version/red hat enterprise linux desktop/7.0
- canonical/red hat enterprise linux server eus
- version/red hat enterprise linux server eus/6.7
- version/red hat enterprise linux server eus/7.3
- version/red hat enterprise linux server eus/7.4
- version/red hat enterprise linux server eus/7.5
- version/red hat enterprise linux server eus/7.6
- version/red hat enterprise linux server eus/7.7
- canonical/red hat enterprise linux server
- version/red hat enterprise linux server/6.0
- version/red hat enterprise linux server/7.0
- version/red hat enterprise linux server/6.4
- version/red hat enterprise linux server/6.5
- version/red hat enterprise linux server/6.6
- version/red hat enterprise linux server/7.2
- version/red hat enterprise linux server/7.3
- version/red hat enterprise linux server/7.4
- version/red hat enterprise linux server/7.6
- version/red hat enterprise linux server/7.7
- canonical/red hat enterprise linux workstation
- version/red hat enterprise linux workstation/6.0
- version/red hat enterprise linux workstation/7.0