Oracle Linux: CVE-2022-25147: ELSA-2023-3147: apr-util security update (IMPORTANT) (Multiple Advisories)

Oracle Linux: CVE-2022-25147: ELSA-2023-3147:apr-util security update (IMPORTANT) (Multiple Advisories)

Severity

6

CVSS

(AV:N/AC:L/Au:N/C:N/I:P/A:P)

Published

01/31/2023

Created

05/19/2023

Added

05/18/2023

Modified

12/24/2024

Description

Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime Utility (APR-util) 1.6.1 and prior versions. A flaw was found in the Apache Portable Runtime Utility (APR-util) library. This issue may allow a malicious attacker to cause an out-of-bounds write due to an integer overflow when encoding/decoding a very long string using the base64 family of functions.

Solution(s)

• oracle-linux-upgrade-apr-util
• oracle-linux-upgrade-apr-util-bdb
• oracle-linux-upgrade-apr-util-devel
• oracle-linux-upgrade-apr-util-ldap
• oracle-linux-upgrade-apr-util-mysql
• oracle-linux-upgrade-apr-util-nss
• oracle-linux-upgrade-apr-util-odbc
• oracle-linux-upgrade-apr-util-openssl
• oracle-linux-upgrade-apr-util-pgsql
• oracle-linux-upgrade-apr-util-sqlite

References

• https://attackerkb.com/topics/cve-2022-25147
• CVE - 2022-25147
• ELSA-2023-3147
• ELSA-2023-3145
• ELSA-2023-3109