Apache Portable Runtime — known CVE vulnerabilities
Every CVE whose affected-product data names Apache Portable Runtime, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2009-2412 — CVSS 10.0 (critical): Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and…
CVE-2022-28331 — CVSS 9.8 (critical): On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond the end of a stack based buffer in apr_socket_sendv(). This is a…
CVE-2022-24963 — CVSS 9.8 (critical): Integer Overflow or Wraparound vulnerability in apr_encode functions of Apache Portable Runtime (APR) allows an attacker to write beyond…
CVE-2009-2699 — CVSS 7.5 (high): The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as…
CVE-2017-12613 — CVSS 7.1 (high): When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and…
CVE-2021-35940 — CVSS 7.1 (high): An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The…
CVE-2023-49582 — CVSS 5.5 (medium): Lax permissions set by the Apache Portable Runtime library on Unix platforms would allow local users read access to named shared memory…
CVE-2012-0840 — CVSS 5.0 (medium): tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to…
CVE-2011-0419 — CVSS 4.3 (medium): Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3…