DEBIAN-CVE-2017-12613

Advisory lineage Upstream: 1 Downstream: 2

Upstream

CVE-2017-12613

Downstream

DLA-1162-1 DLA-2897-1

Published: 24 Oct 2017, 01:29

Last modified:28 Apr 2026, 20:16

Vulnerability Summary

Overall Risk (default)

medium

28/100

CVSS Score

7.1 HIGH

3.1 (osv_debian)

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

24 Oct 2017, 01:29

Published

Vulnerability first disclosed

28 Apr 2026, 20:16

Last Modified

Vulnerability information updated

Description

When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program termination, and may represent an information disclosure or denial of service vulnerability to applications which call these APR functions with unvalidated external input.

CVSS Metrics

v3.1•HIGH•Score: 7.1CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Systems

debian•apr
< 1.6.3-1 | < 1.6.3-1 | < 1.6.3-1 | < 1.6.3-1

References (1)

https://security-tracker.debian.org/tracker/CVE-2017-12613