CVE-2021-35940 in Apache and Oracle Products
Published on August 23, 2021

Regression of CVE-2017-12613

An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix for this issue was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 regressed compared to 1.6.3 and is vulnerable to the same issue.

NVD

Products Associated with CVE-2021-35940

stack.watch emails you whenever new vulnerabilities are published in Apache Portable Runtime or Oracle Http Server. Just hit a watch button to start following.

Apache Portable Runtime

Oracle Http Server

Affected Versions

Apache Software Foundation Apache Portable Runtime (APR) Version Apache Portable Runtime 1.7.0 is affected by CVE-2021-35940

Exploit Probability

EPSS

0.06%

Percentile

17.54%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2021-35940 in Apache and Oracle ProductsPublished on August 23, 2021

Products Associated with CVE-2021-35940

Affected Versions

Exploit Probability

CVE-2021-35940 in Apache and Oracle Products
Published on August 23, 2021