UBUNTU-CVE-2021-35940

Source
https://ubuntu.com/security/CVE-2021-35940
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2021/UBUNTU-CVE-2021-35940.json
JSON Data
https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2021-35940
Related
Published
2021-08-23T10:15:00Z
Modified
2024-11-20T12:25:36Z
Severity
  • 7.1 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVSS Calculator
Summary
[none]
Details

An out-of-bounds array read in the aprtimeexp*() functions was fixed in the Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix for this issue was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 regressed compared to 1.6.3 and is vulnerable to the same issue.

References

Affected packages

Ubuntu:Pro:14.04:LTS / apr

Package

Name
apr
Purl
pkg:deb/ubuntu/apr?arch=src?distro=trusty/esm

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.5.0-1ubuntu0.1~esm1

Affected versions

1.*

1.4.8-1ubuntu1
1.4.8-2
1.4.8-3
1.5.0-1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "1.5.0-1ubuntu0.1~esm1",
            "binary_name": "libapr1"
        },
        {
            "binary_version": "1.5.0-1ubuntu0.1~esm1",
            "binary_name": "libapr1-dbg"
        },
        {
            "binary_version": "1.5.0-1ubuntu0.1~esm1",
            "binary_name": "libapr1-dbgsym"
        },
        {
            "binary_version": "1.5.0-1ubuntu0.1~esm1",
            "binary_name": "libapr1-dev"
        },
        {
            "binary_version": "1.5.0-1ubuntu0.1~esm1",
            "binary_name": "libapr1-dev-dbgsym"
        }
    ]
}

Ubuntu:Pro:16.04:LTS / apr

Package

Name
apr
Purl
pkg:deb/ubuntu/apr?arch=src?distro=esm-infra/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.5.2-3ubuntu0.1~esm1

Affected versions

1.*

1.5.2-3

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "1.5.2-3ubuntu0.1~esm1",
            "binary_name": "libapr1"
        },
        {
            "binary_version": "1.5.2-3ubuntu0.1~esm1",
            "binary_name": "libapr1-dbg"
        },
        {
            "binary_version": "1.5.2-3ubuntu0.1~esm1",
            "binary_name": "libapr1-dbgsym"
        },
        {
            "binary_version": "1.5.2-3ubuntu0.1~esm1",
            "binary_name": "libapr1-dev"
        },
        {
            "binary_version": "1.5.2-3ubuntu0.1~esm1",
            "binary_name": "libapr1-dev-dbgsym"
        }
    ]
}

Ubuntu:22.04:LTS / apr

Package

Name
apr
Purl
pkg:deb/ubuntu/apr?arch=src?distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.7.0-6ubuntu1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "1.7.0-6ubuntu1",
            "binary_name": "libapr1"
        },
        {
            "binary_version": "1.7.0-6ubuntu1",
            "binary_name": "libapr1-dbgsym"
        },
        {
            "binary_version": "1.7.0-6ubuntu1",
            "binary_name": "libapr1-dev"
        }
    ]
}