Amazon Linux 2023: CVE-2022-25147: Medium priority package update for apr-util

Amazon Linux 2023: CVE-2022-25147: Medium priority package update for apr-util

Severity

6

CVSS

(AV:N/AC:L/Au:N/C:N/I:P/A:P)

Published

01/31/2023

Created

02/14/2025

Added

02/14/2025

Modified

02/14/2025

Description

Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime Utility (APR-util) 1.6.1 and prior versions. A flaw was found in the Apache Portable Runtime Utility (APR-util) library. This issue may allow a malicious attacker to cause an out-of-bounds write due to an integer overflow when encoding/decoding a very long string using the base64 family of functions.

Solution(s)

• amazon-linux-2023-upgrade-apr-util
• amazon-linux-2023-upgrade-apr-util-debuginfo
• amazon-linux-2023-upgrade-apr-util-debugsource
• amazon-linux-2023-upgrade-apr-util-devel
• amazon-linux-2023-upgrade-apr-util-ldap
• amazon-linux-2023-upgrade-apr-util-ldap-debuginfo
• amazon-linux-2023-upgrade-apr-util-mysql
• amazon-linux-2023-upgrade-apr-util-mysql-debuginfo
• amazon-linux-2023-upgrade-apr-util-odbc
• amazon-linux-2023-upgrade-apr-util-odbc-debuginfo
• amazon-linux-2023-upgrade-apr-util-openssl
• amazon-linux-2023-upgrade-apr-util-openssl-debuginfo
• amazon-linux-2023-upgrade-apr-util-pgsql
• amazon-linux-2023-upgrade-apr-util-pgsql-debuginfo
• amazon-linux-2023-upgrade-apr-util-sqlite
• amazon-linux-2023-upgrade-apr-util-sqlite-debuginfo

References

• https://attackerkb.com/topics/cve-2022-25147
• CVE - 2022-25147
• https://alas.aws.amazon.com/AL2023/ALAS-2023-066.html