VDB
ALPINE-CVE-2022-25147
ALPINE-CVE-2022-25147
PUBLISHED
CVSS 6.5 MEDIUM
Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime Utility (APR-util) 1.6.1 and prior versions.
Risk Scores
CVSS 3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alpine:v3.14 | apr-util | 0, 1.3.9-r0, 1.3.9-r2 |
| Alpine:v3.24 | apr | 0 |
| Alpine:v3.22 | apr-util | 1.6.1-r10, 1.6.1-r9, 1.6.1-r8 |
| Alpine:v3.20 | apr | 1.5.2-r1, 0, 1.7.0-r2 |
| Alpine:v3.18 | apr | 1.4.5-r0, 1.6.3-r0, 1.5.2-r1 |
| Alpine:v3.20 | apr-util | 1.6.1-r5, 1.6.1-r13, 1.6.1-r12 |
| Alpine:v3.15 | apr | 1.4.2-r4, 1.4.2-r3, 1.4.2-r2 |
| Alpine:v3.23 | apr-util | 1.6.1-r12, 1.6.1-r13, 1.6.1-r14 |
| Alpine:v3.21 | apr | 0, 1.7.0-r1, 1.7.0-r0 |
| Alpine:v3.16 | apr | 1.4.8-r1, 1.4.5-r0, 1.4.4-r0 |
| Alpine:v3.21 | apr-util | 1.6.1-r11, 1.3.9-r1, 1.3.9-r2 |
| Alpine:v3.22 | apr | 0, 1.4.5-r0, 1.4.4-r0 |
| Alpine:v3.23 | apr | 0, 0, 1.3.3-r0 |
| Alpine:v3.24 | apr-util | 0 |
| Alpine:v3.14 | apr | 1.4.6-r0, 1.4.8-r0, 1.4.8-r1 |
| Alpine:v3.18 | apr-util | 1.5.2-r1, 1.5.3-r0, 1.5.4-r0 |
| Alpine:v3.15 | apr-util | 1.3.10-r0, 1.3.10-r1, 1.3.10-r2 |
| Alpine:v3.19 | apr | 1.3.7-r0, 1.3.3-r0, 1.6.3-r0 |
| Alpine:v3.17 | apr-util | 1.3.10-r1, 1.3.10-r0, 0 |
| Alpine:v3.19 | apr-util | 1.3.11-r0, 1.3.12-r0, 1.3.12-r1 |
…and 2 more
Timeline
- Jan 31, 2023 CVE Published
- Apr 30, 2026 Distribution Patch
- Jun 15, 2026 CVE Updated