{"id":"CVE-2017-12613","details":"When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program termination, and may represent an information disclosure or denial of service vulnerability to applications which call these APR functions with unvalidated external input.","modified":"2026-04-16T04:40:04.254566819Z","published":"2017-10-24T01:29:02Z","related":["SUSE-SU-2018:1196-1","SUSE-SU-2018:1322-1"],"references":[{"type":"WEB","url":"https://lists.apache.org/thread.html/rb1f3c85f50fbd924a0051675118d1609e57957a02ece7facb723155b%40%3Cannounce.apache.org%3E"},{"type":"WEB","url":"http://www.securityfocus.com/bid/101560"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r270dd5022db194b78acaf509216a33c85f3da43757defa05cc766339%40%3Ccommits.apr.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/rcc48a0acebbd74bbdeebc02ff228bb72c0631b21823fffe27d4691e9%40%3Ccommits.apr.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/ra38094406cc38a05218ebd1158187feda021b0c3a1df400bbf296af8%40%3Cdev.apr.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/ra2868b53339a6af65577146ad87016368c138388b09bff9d2860f50e%40%3Cdev.apr.apache.org%3E"},{"type":"ADVISORY","url":"http://www.apache.org/dist/apr/Announcement1.x.html"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1042004"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:3270"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:3476"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:0465"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:1253"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:3477"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:0316"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2017/11/msg00005.html"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2021/08/23/1"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:0466"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2022/01/msg00023.html"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:3475"},{"type":"REPORT","url":"https://lists.apache.org/thread.html/12489f2e4a9f9d390235c16298aca0d20658789de80d553513977f13%40%3Cannounce.apache.org%3E"},{"type":"REPORT","url":"https://svn.apache.org/viewvc?view=revision&revision=1807976"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/apr","events":[{"introduced":"0"},{"fixed":"74084e43adbf6b9df152a8b5d051b8180ebc1a69"},{"introduced":"0"},{"last_affected":"4257da41d74e957463b8992de791069d739692b3"},{"introduced":"0"},{"last_affected":"4257da41d74e957463b8992de791069d739692b3"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.7.0"},{"introduced":"0"},{"last_affected":"1.0"},{"introduced":"0"},{"last_affected":"1.0"}]}}],"versions":["APR_1_0"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"3.0.0"}]},{"events":[{"introduced":"0"},{"last_affected":"6.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"6.7"}]},{"events":[{"introduced":"0"},{"last_affected":"7.3"}]},{"events":[{"introduced":"0"},{"last_affected":"7.4"}]},{"events":[{"introduced":"0"},{"last_affected":"7.5"}]},{"events":[{"introduced":"0"},{"last_affected":"7.6"}]},{"events":[{"introduced":"0"},{"last_affected":"7.7"}]},{"events":[{"introduced":"0"},{"last_affected":"6.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"6.4"}]},{"events":[{"introduced":"0"},{"last_affected":"6.5"}]},{"events":[{"introduced":"0"},{"last_affected":"6.6"}]},{"events":[{"introduced":"0"},{"last_affected":"7.2"}]},{"events":[{"introduced":"0"},{"last_affected":"7.3"}]},{"events":[{"introduced":"0"},{"last_affected":"7.4"}]},{"events":[{"introduced":"0"},{"last_affected":"7.6"}]},{"events":[{"introduced":"0"},{"last_affected":"7.7"}]},{"events":[{"introduced":"0"},{"last_affected":"6.6"}]},{"events":[{"introduced":"0"},{"last_affected":"7.2"}]},{"events":[{"introduced":"0"},{"last_affected":"7.3"}]},{"events":[{"introduced":"0"},{"last_affected":"7.4"}]},{"events":[{"introduced":"0"},{"last_affected":"7.6"}]},{"events":[{"introduced":"0"},{"last_affected":"7.7"}]},{"events":[{"introduced":"0"},{"last_affected":"6.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-12613.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"}]}