First published: Tue Jan 31 2023
Integer Overflow or Wraparound vulnerability in apr_encode functions of Apache Portable Runtime (APR) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime (APR) version 1.7.0.
Credit: security@apache.org
Affected Software | Affected Version | How to fix
---|---|---
Apache Portable Runtime | =1.7.0 |
CVE-2022-24963 is an Integer Overflow or Wraparound vulnerability in the apr_encode functions of Apache Portable Runtime (APR) that allows an attacker to write beyond the bounds of a buffer.
Apache Portable Runtime (APR) version 1.7.0 is affected by CVE-2022-24963.
CVE-2022-24963 has a severity rating of critical, with a CVSS score of 9.8.
An attacker can exploit CVE-2022-24963 by leveraging the Integer Overflow or Wraparound vulnerability in the apr_encode functions of Apache Portable Runtime (APR) to write beyond the bounds of a buffer, potentially leading to remote code execution or denial of service.
Yes, a fix is available for CVE-2022-24963. It is recommended to upgrade to a version of Apache Portable Runtime (APR) that is not affected by this vulnerability.
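The bug class described above, shown on an encoder's output-size calculation, as an added illustration: this is not APR's code and is not taken from the advisory. The function names (`b64_size_unchecked`, `b64_size_checked`, `b64_encode`) are hypothetical, and base64 is used as an assumed representative encoding.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Unchecked size (4 chars per 3 bytes, plus NUL): wraps for huge len. */
static size_t b64_size_unchecked(size_t len)
{
    return ((len + 2) / 3) * 4 + 1;
}

/* Checked size: 0 and *out set, or -1 if it does not fit in size_t. */
static int b64_size_checked(size_t len, size_t *out)
{
    size_t groups = len / 3 + (len % 3 != 0); /* ceil(len / 3), cannot wrap */
    if (groups > (SIZE_MAX - 1) / 4)
        return -1;
    *out = groups * 4 + 1;
    return 0;
}

/* Encodes only when the checked size fits in dst_cap. Returns 0 or -1. */
static int b64_encode(char *dst, size_t dst_cap, const unsigned char *src, size_t len)
{
    static const char tbl[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    size_t need, i, o = 0;
    if (b64_size_checked(len, &need) != 0 || need > dst_cap)
        return -1;
    for (i = 0; i < len; i += 3) {
        unsigned long v = (unsigned long)src[i] << 16;
        if (i + 1 < len) v |= (unsigned long)src[i + 1] << 8;
        if (i + 2 < len) v |= src[i + 2];
        dst[o++] = tbl[(v >> 18) & 63];
        dst[o++] = tbl[(v >> 12) & 63];
        dst[o++] = (i + 1 < len) ? tbl[(v >> 6) & 63] : '=';
        dst[o++] = (i + 2 < len) ? tbl[v & 63] : '=';
    }
    dst[o] = '\0';
    return 0;
}

int main(void)
{
    char buf[8];
    size_t n = 0;
    printf("%zu %d\n", b64_size_unchecked(SIZE_MAX), b64_size_checked(SIZE_MAX, &n));
    if (b64_encode(buf, sizeof buf, (const unsigned char *)"Ma", 2) == 0)
        puts(buf); /* "Ma" is a constructed sample input */
    return 0;
}
```

A buffer sized from the unchecked result is far smaller than the data the encoder then writes, which is how a wrapped length becomes an out-of-bounds write; the checked variant rejects the request instead.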