DEBIAN-CVE-2021-35940
PUBLISHED
CVSS 7.1 HIGH
An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix for this issue was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 regressed compared to 1.6.3 and is vulnerable to the same issue.
Risk Scores
CVSS v3.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:11 | apr | 1.7.0-6, 1.7.0-6, 0 |
| Debian:12 | apr | 0, 0, 0 |
| Debian:14 | apr | 0, 0, 0 |
| Debian:13 | apr | 0, 0, 0 |
Timeline
- Aug 23, 2021 CVE Published
- Apr 28, 2026 CVE Updated