Vulnerability-Lookup

CVE-2022-24963 (GCVE-0-2022-24963)

Vulnerability from cvelistv5 – Published: 2023-01-31 15:52 – Updated: 2025-03-27 14:33

Title

Apache Portable Runtime (APR): out-of-bound writes in the apr_encode family of functions

Summary

Integer Overflow or Wraparound vulnerability in apr_encode functions of Apache Portable Runtime (APR) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime (APR) version 1.7.0.

Severity ?

No CVSS data available.

CWE

CWE-190 - Integer Overflow or Wraparound

Assigner

apache

References

URL

	Vendor	Product	Version
	Apache Software Foundation	Apache Portable Runtime (APR)	Affected: 1.7.0

CVE-2022-24963

Vulnerability from fstec - Published: 31.01.2023

Title

Уязвимость функции apr_encode библиотеки Apache Portable Runtime (APR), позволяющая нарушителю выполнить произвольный код

Description

Уязвимость функции apr_encode библиотеки Apache Portable Runtime (APR) связана с целочисленным переполнением при обработке длины полей. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнить произвольный код

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vendor

Сообщество свободного программного обеспечения, Novell Inc., Canonical Ltd., Red Hat Inc., NetApp Inc., АО «ИВК», Apache Software Foundation, Project Harbor, ООО «НЦПР»

Software Name

Debian GNU/Linux, openSUSE Tumbleweed, Ubuntu, Red Hat Enterprise Linux, ONTAP, АЛЬТ СП 10, Red Hat JBoss Core Services, NetApp SolidFire & HCI Storage Node, NetApp SolidFire & HCI Management Node, NetApp HCI Compute Node BIOS, SUSE Liberty Linux, Portable Runtime (APR), Jboss Web Server, Red Hat JBoss Web Server, harbor, МСВСфера

Software Version

10 (Debian GNU/Linux), - (openSUSE Tumbleweed), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 22.04 LTS (Ubuntu), 9 (Red Hat Enterprise Linux), 22.10 (Ubuntu), 9 (ONTAP), - (АЛЬТ СП 10), 1 (Red Hat JBoss Core Services), RHEL 8 (Red Hat JBoss Core Services), RHEL 7 (Red Hat JBoss Core Services), - (NetApp SolidFire & HCI Storage Node), - (NetApp SolidFire & HCI Management Node), - (NetApp HCI Compute Node BIOS), 9 (SUSE Liberty Linux), 1.7.0 (Portable Runtime (APR)), 5.7.4 (Jboss Web Server), 5.7 on RHEL7 (Red Hat JBoss Web Server), 5.7 on RHEL 8 (Red Hat JBoss Web Server), 5.7 on RHEL 9 (Red Hat JBoss Web Server), 2.7.0 (harbor), 9.5 (МСВСфера)

Possible Mitigations

Использование рекомендаций: Для программных продуктов Apache Software Foundation: https://lists.apache.org/thread/fw9p6sdncwsjkstwc066vz57xqzfksq9 Для Ubuntu: https://ubuntu.com/security/notices/USN-5885-1 Для программных продуктов Novell Inc.: https://www.suse.com/security/cve/CVE-2022-24963.html Для программных продуктов Red Hat Inc.: https://access.redhat.com/security/cve/CVE-2022-24963 Для Debian GNU/Linux: https://security-tracker.debian.org/tracker/CVE-2022-24963 Для программных продуктов NetApp Inc.: https://security.netapp.com/advisory/ntap-20230908-0008/ Компенсирующие меры для Harbor : - отключение/удаление неиспользуемых учетных записей пользователей; - минимизация пользовательских привилегий; - использование антивирусных средств защиты; - контроль действий пользователей. Для ОС Альт 8 СП (релиз 10): установка обновления из публичного репозитория программного средства Для МСВСфера: https://errata.msvsphere-os.ru/definition/9/INFCSA-2023:7711?lang=ru

Reference

https://lists.apache.org/thread/fw9p6sdncwsjkstwc066vz57xqzfksq9 https://ubuntu.com/security/notices/USN-5885-1 https://www.suse.com/security/cve/CVE-2022-24963.html https://access.redhat.com/security/cve/CVE-2022-24963 https://security-tracker.debian.org/tracker/CVE-2022-24963 https://security.netapp.com/advisory/ntap-20230908-0008/ https://altsp.su/obnovleniya-bezopasnosti/ https://errata.msvsphere-os.ru/definition/9/INFCSA-2023:7711?lang=ru

CWE

CWE-190

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Novell Inc., Canonical Ltd., Red Hat Inc., NetApp Inc., \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb, Apache Software Foundation, Project Harbor, \u041e\u041e\u041e \u00ab\u041d\u0426\u041f\u0420\u00bb",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "10 (Debian GNU/Linux), - (openSUSE Tumbleweed), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 22.04 LTS (Ubuntu), 9 (Red Hat Enterprise Linux), 22.10 (Ubuntu), 9 (ONTAP), - (\u0410\u041b\u042c\u0422 \u0421\u041f 10), 1 (Red Hat JBoss Core Services), RHEL 8 (Red Hat JBoss Core Services), RHEL 7 (Red Hat JBoss Core Services), - (NetApp SolidFire \u0026 HCI Storage Node), - (NetApp SolidFire \u0026 HCI Management Node), - (NetApp HCI Compute Node BIOS), 9 (SUSE Liberty Linux), 1.7.0 (Portable Runtime (APR)), 5.7.4 (Jboss Web Server), 5.7 on RHEL7 (Red Hat JBoss Web Server), 5.7 on RHEL 8 (Red Hat JBoss Web Server), 5.7 on RHEL 9 (Red Hat JBoss Web Server), 2.7.0 (harbor), 9.5 (\u041c\u0421\u0412\u0421\u0444\u0435\u0440\u0430)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Apache Software Foundation:\nhttps://lists.apache.org/thread/fw9p6sdncwsjkstwc066vz57xqzfksq9\n\n\u0414\u043b\u044f Ubuntu:\nhttps://ubuntu.com/security/notices/USN-5885-1\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://www.suse.com/security/cve/CVE-2022-24963.html\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/CVE-2022-24963\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2022-24963\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 NetApp Inc.:\nhttps://security.netapp.com/advisory/ntap-20230908-0008/\n\n\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b \u0434\u043b\u044f Harbor :\n- \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0435/\u0443\u0434\u0430\u043b\u0435\u043d\u0438\u0435 \u043d\u0435\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0445 \u0443\u0447\u0435\u0442\u043d\u044b\u0445 \u0437\u0430\u043f\u0438\u0441\u0435\u0439 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439;\n- \u043c\u0438\u043d\u0438\u043c\u0438\u0437\u0430\u0446\u0438\u044f \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u0438\u0445 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439;\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0430\u043d\u0442\u0438\u0432\u0438\u0440\u0443\u0441\u043d\u044b\u0445 \u0441\u0440\u0435\u0434\u0441\u0442\u0432 \u0437\u0430\u0449\u0438\u0442\u044b;\n- \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0439 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439.\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u043b\u044c\u0442 8 \u0421\u041f (\u0440\u0435\u043b\u0438\u0437 10): \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430\n\n\u0414\u043b\u044f \u041c\u0421\u0412\u0421\u0444\u0435\u0440\u0430: https://errata.msvsphere-os.ru/definition/9/INFCSA-2023:7711?lang=ru",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "31.01.2023",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "19.11.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "31.01.2024",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-00850",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2022-24963",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Debian GNU/Linux, openSUSE Tumbleweed, Ubuntu, Red Hat Enterprise Linux, ONTAP, \u0410\u041b\u042c\u0422 \u0421\u041f 10, Red Hat JBoss Core Services, NetApp SolidFire \u0026 HCI Storage Node, NetApp SolidFire \u0026 HCI Management Node, NetApp HCI Compute Node BIOS, SUSE Liberty Linux, Portable Runtime (APR), Jboss Web Server, Red Hat JBoss Web Server, harbor, \u041c\u0421\u0412\u0421\u0444\u0435\u0440\u0430",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , Novell Inc. openSUSE Tumbleweed - , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 12 , Canonical Ltd. Ubuntu 22.04 LTS , Red Hat Inc. Red Hat Enterprise Linux 9 , Canonical Ltd. Ubuntu 22.10 , NetApp Inc. ONTAP 9 , \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u041b\u042c\u0422 \u0421\u041f 10 - , Novell Inc. SUSE Liberty Linux 9 , \u041e\u041e\u041e \u00ab\u041d\u0426\u041f\u0420\u00bb \u041c\u0421\u0412\u0421\u0444\u0435\u0440\u0430 9.5 ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 apr_encode \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 Apache Portable Runtime (APR), \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0426\u0435\u043b\u043e\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u043e\u0435 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0438\u043b\u0438 \u0446\u0438\u043a\u043b\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0441\u0434\u0432\u0438\u0433 (CWE-190)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 apr_encode \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 Apache Portable Runtime (APR) \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0446\u0435\u043b\u043e\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u044b\u043c \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c \u043f\u0440\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0435 \u0434\u043b\u0438\u043d\u044b \u043f\u043e\u043b\u0435\u0439. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://lists.apache.org/thread/fw9p6sdncwsjkstwc066vz57xqzfksq9\nhttps://ubuntu.com/security/notices/USN-5885-1\nhttps://www.suse.com/security/cve/CVE-2022-24963.html\nhttps://access.redhat.com/security/cve/CVE-2022-24963\nhttps://security-tracker.debian.org/tracker/CVE-2022-24963\nhttps://security.netapp.com/advisory/ntap-20230908-0008/\nhttps://altsp.su/obnovleniya-bezopasnosti/\nhttps://errata.msvsphere-os.ru/definition/9/INFCSA-2023:7711?lang=ru",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u044b\u0445 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442 \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u041c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0439 \u043a\u043e\u0434, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-190",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,8)"
}

bit-apr-2022-24963

Vulnerability from bitnami_vulndb

Published

2024-03-06 10:50

Modified

2025-05-20 10:02

Summary

Apache Portable Runtime (APR): out-of-bound writes in the apr_encode family of functions

Details

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Bitnami",
        "name": "apr",
        "purl": "pkg:bitnami/apr"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.7.0"
            },
            {
              "fixed": "1.7.1"
            }
          ],
          "type": "SEMVER"
        }
      ],
      "severity": [
        {
          "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "type": "CVSS_V3"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-24963"
  ],
  "database_specific": {
    "cpes": [
      "cpe:2.3:a:apache:portable_runtime:1.7.0:*:*:*:*:*:*:*",
      "cpe:2.3:a:apache:portable_runtime:*:*:*:*:*:*:*:*"
    ],
    "severity": "Critical"
  },
  "details": "Integer Overflow or Wraparound vulnerability in apr_encode functions of Apache Portable Runtime (APR) allows an attacker to write beyond bounds of a buffer.\nThis issue affects Apache Portable Runtime (APR) version 1.7.0.",
  "id": "BIT-apr-2022-24963",
  "modified": "2025-05-20T10:02:07.006Z",
  "published": "2024-03-06T10:50:46.060Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/fw9p6sdncwsjkstwc066vz57xqzfksq9"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20230908-0008/"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24963"
    }
  ],
  "schema_version": "1.5.0",
  "summary": "Apache Portable Runtime (APR): out-of-bound writes in the apr_encode family of functions"
}

GHSA-6RR3-MPXQ-HV4X

Vulnerability from github – Published: 2023-01-31 18:30 – Updated: 2025-03-27 15:30

Details

Severity ?

9.8 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-24963"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-190"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-01-31T16:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "Integer Overflow or Wraparound vulnerability in apr_encode functions of Apache Portable Runtime (APR) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime (APR) version 1.7.0.",
  "id": "GHSA-6rr3-mpxq-hv4x",
  "modified": "2025-03-27T15:30:36Z",
  "published": "2023-01-31T18:30:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24963"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/fw9p6sdncwsjkstwc066vz57xqzfksq9"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20230908-0008"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

cve-2022-24963

Vulnerability from osv_almalinux

Published

2023-12-11 00:00

Modified

2023-12-11 13:16

Summary

Moderate: apr security update

Details

The Apache Portable Runtime (APR) is a portability library used by the Apache HTTP Server and other projects. It provides a free library of C data structures and routines.

Security Fix(es):

apr: integer overflow/wraparound in apr_encode (CVE-2022-24963)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "apr"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.7.0-12.el9_3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "apr-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.7.0-12.el9_3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "The Apache Portable Runtime (APR) is a portability library used by the Apache HTTP Server and other projects. It provides a free library of C data structures and routines.\n\nSecurity Fix(es):\n\n* apr: integer overflow/wraparound in apr_encode (CVE-2022-24963)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
  "id": "ALSA-2023:7711",
  "modified": "2023-12-11T13:16:59Z",
  "published": "2023-12-11T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2023:7711"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-24963"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2169465"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/9/ALSA-2023-7711.html"
    }
  ],
  "related": [
    "CVE-2022-24963"
  ],
  "summary": "Moderate: apr security update"
}

FKIE_CVE-2022-24963

Vulnerability from fkie_nvd - Published: 2023-01-31 16:15 - Updated: 2025-03-27 15:15

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
security@apache.org	https://lists.apache.org/thread/fw9p6sdncwsjkstwc066vz57xqzfksq9	Mailing List, Vendor Advisory
security@apache.org	https://security.netapp.com/advisory/ntap-20230908-0008/
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread/fw9p6sdncwsjkstwc066vz57xqzfksq9	Mailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20230908-0008/

Impacted products

	Vendor	Product	Version
	apache	portable_runtime	1.7.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:portable_runtime:1.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "56961B22-99C1-470F-9EDC-B02633745025",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Integer Overflow or Wraparound vulnerability in apr_encode functions of Apache Portable Runtime (APR) allows an attacker to write beyond bounds of a buffer.\nThis issue affects Apache Portable Runtime (APR) version 1.7.0."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de desbordamiento de enteros o envoltura en las funciones apr_encode de Apache Portable Runtime (APR) permite a un atacante escribir m\u00e1s all\u00e1 de los l\u00edmites de un b\u00fafer. Este problema afecta a Apache Portable Runtime (APR) versi\u00f3n 1.7.0."
    }
  ],
  "id": "CVE-2022-24963",
  "lastModified": "2025-03-27T15:15:36.323",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2023-01-31T16:15:08.830",
  "references": [
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://lists.apache.org/thread/fw9p6sdncwsjkstwc066vz57xqzfksq9"
    },
    {
      "source": "security@apache.org",
      "url": "https://security.netapp.com/advisory/ntap-20230908-0008/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://lists.apache.org/thread/fw9p6sdncwsjkstwc066vz57xqzfksq9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.netapp.com/advisory/ntap-20230908-0008/"
    }
  ],
  "sourceIdentifier": "security@apache.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-190"
        }
      ],
      "source": "security@apache.org",
      "type": "Secondary"
    }
  ]
}

GSD-2022-24963

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2022-24963

Aliases

CVE-2022-24963

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-24963",
    "id": "GSD-2022-24963",
    "references": [
      "https://advisories.mageia.org/CVE-2022-24963.html",
      "https://www.suse.com/security/cve/CVE-2022-24963.html",
      "https://www.debian.org/security/2023/dsa-5370"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-24963"
      ],
      "details": "Integer Overflow or Wraparound vulnerability in apr_encode functions of Apache Portable Runtime (APR) allows an attacker to write beyond bounds of a buffer.\nThis issue affects Apache Portable Runtime (APR) version 1.7.0.",
      "id": "GSD-2022-24963",
      "modified": "2023-12-13T01:19:43.206116Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@apache.org",
        "ID": "CVE-2022-24963",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Apache Portable Runtime (APR)",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "1.7.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Apache Software Foundation"
            }
          ]
        }
      },
      "credits": [
        {
          "lang": "en",
          "value": "Ronald Crane (Zippenhop LLC)"
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Integer Overflow or Wraparound vulnerability in apr_encode functions of Apache Portable Runtime (APR) allows an attacker to write beyond bounds of a buffer.\nThis issue affects Apache Portable Runtime (APR) version 1.7.0."
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.1.0-dev"
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-190",
                "lang": "eng",
                "value": "CWE-190 Integer Overflow or Wraparound"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://lists.apache.org/thread/fw9p6sdncwsjkstwc066vz57xqzfksq9",
            "refsource": "MISC",
            "url": "https://lists.apache.org/thread/fw9p6sdncwsjkstwc066vz57xqzfksq9"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20230908-0008/",
            "refsource": "MISC",
            "url": "https://security.netapp.com/advisory/ntap-20230908-0008/"
          }
        ]
      },
      "source": {
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:portable_runtime:1.7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2022-24963"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Integer Overflow or Wraparound vulnerability in apr_encode functions of Apache Portable Runtime (APR) allows an attacker to write beyond bounds of a buffer.\nThis issue affects Apache Portable Runtime (APR) version 1.7.0."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-190"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://lists.apache.org/thread/fw9p6sdncwsjkstwc066vz57xqzfksq9",
              "refsource": "MISC",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread/fw9p6sdncwsjkstwc066vz57xqzfksq9"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20230908-0008/",
              "refsource": "MISC",
              "tags": [],
              "url": "https://security.netapp.com/advisory/ntap-20230908-0008/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-09-08T17:15Z",
      "publishedDate": "2023-01-31T16:15Z"
    }
  }
}

CNVD-2023-57672

Vulnerability from cnvd - Published: 2023-07-21

Title

Apache Portable Runtime越界写漏洞

Description

Apache Portable Runtime是美国阿帕奇（Apache）基金会的一个为上层应用程序提供可跨越多个操作系统平台使用的底层支持接口库。 Apache Portable Runtime存在越界写漏洞，攻击者可利用该漏洞实现整数溢出或环绕错误导致向缓冲区边界之外写入数据。

Severity

高

Patch Name

Apache Portable Runtime越界写漏洞的补丁

Patch Description

Apache Portable Runtime是美国阿帕奇（Apache）基金会的一个为上层应用程序提供可跨越多个操作系统平台使用的底层支持接口库。 Apache Portable Runtime存在越界写漏洞，攻击者可利用该漏洞实现整数溢出或环绕错误导致向缓冲区边界之外写入数据。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://lists.apache.org/thread/fw9p6sdncwsjkstwc066vz57xqzfksq9

Reference

https://lists.apache.org/thread/fw9p6sdncwsjkstwc066vz57xqzfksq9

Impacted products

Name
Apache Portable Runtime 1.7.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2022-24963",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2022-24963"
    }
  },
  "description": "Apache Portable Runtime\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u4e2a\u4e3a\u4e0a\u5c42\u5e94\u7528\u7a0b\u5e8f\u63d0\u4f9b\u53ef\u8de8\u8d8a\u591a\u4e2a\u64cd\u4f5c\u7cfb\u7edf\u5e73\u53f0\u4f7f\u7528\u7684\u5e95\u5c42\u652f\u6301\u63a5\u53e3\u5e93\u3002\n\nApache Portable Runtime\u5b58\u5728\u8d8a\u754c\u5199\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5b9e\u73b0\u6574\u6570\u6ea2\u51fa\u6216\u73af\u7ed5\u9519\u8bef\u5bfc\u81f4\u5411\u7f13\u51b2\u533a\u8fb9\u754c\u4e4b\u5916\u5199\u5165\u6570\u636e\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://lists.apache.org/thread/fw9p6sdncwsjkstwc066vz57xqzfksq9",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2023-57672",
  "openTime": "2023-07-21",
  "patchDescription": "Apache Portable Runtime\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u4e2a\u4e3a\u4e0a\u5c42\u5e94\u7528\u7a0b\u5e8f\u63d0\u4f9b\u53ef\u8de8\u8d8a\u591a\u4e2a\u64cd\u4f5c\u7cfb\u7edf\u5e73\u53f0\u4f7f\u7528\u7684\u5e95\u5c42\u652f\u6301\u63a5\u53e3\u5e93\u3002\r\n\r\nApache Portable Runtime\u5b58\u5728\u8d8a\u754c\u5199\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5b9e\u73b0\u6574\u6570\u6ea2\u51fa\u6216\u73af\u7ed5\u9519\u8bef\u5bfc\u81f4\u5411\u7f13\u51b2\u533a\u8fb9\u754c\u4e4b\u5916\u5199\u5165\u6570\u636e\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apache Portable Runtime\u8d8a\u754c\u5199\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Apache Portable Runtime 1.7.0"
  },
  "referenceLink": "https://lists.apache.org/thread/fw9p6sdncwsjkstwc066vz57xqzfksq9",
  "serverity": "\u9ad8",
  "submitTime": "2023-02-06",
  "title": "Apache Portable Runtime\u8d8a\u754c\u5199\u6f0f\u6d1e"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-24963 (GCVE-0-2022-24963)

CVE-2022-24963

bit-apr-2022-24963

Vulnerability from bitnami_vulndb

GHSA-6RR3-MPXQ-HV4X

cve-2022-24963

Vulnerability from osv_almalinux

FKIE_CVE-2022-24963

GSD-2022-24963

CNVD-2023-57672

Tags

Sightings

Nomenclature