When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program termination, and may represent an information disclosure or denial of service vulnerability to applications which call these APR functions with unvalidated external input.
References
Link Providers
http://www.apache.org/dist/apr/Announcement1.x.html cve-icon cve-icon cve-icon
http://www.openwall.com/lists/oss-security/2021/08/23/1 cve-icon cve-icon
http://www.securityfocus.com/bid/101560 cve-icon cve-icon
http://www.securitytracker.com/id/1042004 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2017:3270 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2017:3475 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2017:3476 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2017:3477 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2018:0316 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2018:0465 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2018:0466 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2018:1253 cve-icon cve-icon
https://lists.apache.org/thread.html/12489f2e4a9f9d390235c16298aca0d20658789de80d553513977f13%40%3Cannounce.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/r270dd5022db194b78acaf509216a33c85f3da43757defa05cc766339%40%3Ccommits.apr.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/ra2868b53339a6af65577146ad87016368c138388b09bff9d2860f50e%40%3Cdev.apr.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/ra38094406cc38a05218ebd1158187feda021b0c3a1df400bbf296af8%40%3Cdev.apr.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/rb1f3c85f50fbd924a0051675118d1609e57957a02ece7facb723155b%40%3Cannounce.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/rcc48a0acebbd74bbdeebc02ff228bb72c0631b21823fffe27d4691e9%40%3Ccommits.apr.apache.org%3E cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2017/11/msg00005.html cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2022/01/msg00023.html cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2017-12613 cve-icon
https://svn.apache.org/viewvc?view=revision&revision=1807976 cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2017-12613 cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published: 2017-10-24T01:00:00

Updated: 2024-08-05T18:43:56.151Z

Reserved: 2017-08-07T00:00:00

Link: CVE-2017-12613

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2017-10-24T01:29:02.000

Modified: 2024-11-21T03:09:53.687

Link: CVE-2017-12613

cve-icon Redhat

Severity : Important

Publid Date: 2017-10-23T00:00:00Z

Links: CVE-2017-12613 - Bugzilla