---

CVE-2021-35940 - log back

CVE-2021-35940 edited at 23 Aug 2021 15:45:58
References	- https://www.openwall.com/lists/oss-security/2021/08/23/1 + https://lists.apache.org/thread.html/ra2868b53339a6af65577146ad87016368c138388b09bff9d2860f50e%40%3Cdev.apr.apache.org%3E https://dist.apache.org/repos/dist/release/apr/patches/apr-1.7.0-CVE-2021-35940.patch https://svn.apache.org/viewvc?view=revision&revision=1891198

CVE-2021-35940 edited at 23 Aug 2021 11:09:53
Severity	- Unknown + Medium
Remote	- Unknown + Remote
Type	- Unknown + Information disclosure
Description	+ An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix for this issue was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 regressed compared to 1.6.3 and is vulnerable to the same issue.
References	+ https://www.openwall.com/lists/oss-security/2021/08/23/1 + https://dist.apache.org/repos/dist/release/apr/patches/apr-1.7.0-CVE-2021-35940.patch + https://svn.apache.org/viewvc?view=revision&revision=1891198
Notes

CVE-2021-35940 created at 23 Aug 2021 11:07:54