Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
None
Privileges Required
Low
Attack Vector
Local
0

CVE-2017-12618

Disclosure Date: October 24, 2017
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Apache Portable Runtime Utility (APR-util) 1.6.0 and prior fail to validate the integrity of SDBM database files used by apr_sdbm*() functions, resulting in a possible out of bound read access. A local user with write access to the database can make a program or process using these functions crash, and cause a denial of service.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
4.7 Medium
Impact Score:
3.6
Exploitability Score:
1
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector (AV):
Local
Attack Complexity (AC):
High
Privileges Required (PR):
Low
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
None
Integrity (I):
None
Availability (A):
High

General Information

Vendors

  • apache

Products

  • portable runtime utility 0.9.1,
  • portable runtime utility 0.9.10,
  • portable runtime utility 0.9.11,
  • portable runtime utility 0.9.12,
  • portable runtime utility 0.9.13,
  • portable runtime utility 0.9.14,
  • portable runtime utility 0.9.15,
  • portable runtime utility 0.9.16,
  • portable runtime utility 0.9.17,
  • portable runtime utility 0.9.18,
  • portable runtime utility 0.9.19,
  • portable runtime utility 0.9.2,
  • portable runtime utility 0.9.20,
  • portable runtime utility 0.9.3,
  • portable runtime utility 0.9.4,
  • portable runtime utility 0.9.5,
  • portable runtime utility 0.9.6,
  • portable runtime utility 0.9.7,
  • portable runtime utility 0.9.9,
  • portable runtime utility 1.0.0,
  • portable runtime utility 1.0.1,
  • portable runtime utility 1.0.2,
  • portable runtime utility 1.1.0,
  • portable runtime utility 1.1.1,
  • portable runtime utility 1.1.2,
  • portable runtime utility 1.2.1,
  • portable runtime utility 1.2.10,
  • portable runtime utility 1.2.12,
  • portable runtime utility 1.2.13,
  • portable runtime utility 1.2.2,
  • portable runtime utility 1.2.6,
  • portable runtime utility 1.2.7,
  • portable runtime utility 1.2.8,
  • portable runtime utility 1.2.9,
  • portable runtime utility 1.3.0,
  • portable runtime utility 1.3.1,
  • portable runtime utility 1.3.10,
  • portable runtime utility 1.3.11,
  • portable runtime utility 1.3.12,
  • portable runtime utility 1.3.13,
  • portable runtime utility 1.3.2,
  • portable runtime utility 1.3.3,
  • portable runtime utility 1.3.4,
  • portable runtime utility 1.3.5,
  • portable runtime utility 1.3.6,
  • portable runtime utility 1.3.7,
  • portable runtime utility 1.3.8,
  • portable runtime utility 1.3.9,
  • portable runtime utility 1.4.0,
  • portable runtime utility 1.4.1,
  • portable runtime utility 1.4.2,
  • portable runtime utility 1.4.3,
  • portable runtime utility 1.5.0,
  • portable runtime utility 1.5.1,
  • portable runtime utility 1.5.2,
  • portable runtime utility 1.5.3,
  • portable runtime utility 1.5.4,
  • portable runtime utility 1.5.5,
  • portable runtime utility 1.6.0
Technical Analysis