CVE-2022-25147
Published: August 31, 2023Last modified: July 22, 2025
Description
Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime Utility (APR-util) 1.6.1 and prior versions.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 6.5 |
| Attack Vector | NETWORK |
| Attack complexity | LOW |
| Privileges required | NONE |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | NONE |
| Integrity impact | LOW |
| Availability impact | LOW |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L |
Status
| Product | Release | Package | Status |
|---|---|---|---|
| Alpaquita Linux | 23 LTS | apr | Not affected (1.7.2-r0) |
| apr-util | Not affected (1.6.3-r0) | ||
| Stream | apr | Not affected (1.7.4-r0) | |
| apr-util | Not affected (1.6.3-r1) | ||
| Hardened Containers | 23 LTS | apr | Not affected (1.7.2-r0) |
| apr-util | Not affected (1.6.3-r0) | ||
| Stream | apr | Not affected (1.7.4-r0) | |
| apr-util | Not affected (1.6.3-r1) |