CVE-2022-25147 Report - Details, Severity, & Advisories

Twingate Team

Jun 13, 2024

What is CVE-2022-25147?

CVE-2022-25147 is a moderate-severity vulnerability affecting Apache Portable Runtime Utility (APR-util) version 1.6.1 and earlier. This Integer Overflow or Wraparound vulnerability in the apr_base64 functions allows an attacker to write beyond the bounds of a buffer, potentially leading to data modification or denial of service. Systems using the affected versions of APR-util, including certain NetApp products, are at risk. Updating software is crucial to mitigate this vulnerability.

Who is impacted by this?

This vulnerability affects users of APR-util version 1.6.1 and earlier, including users of certain NetApp products such as NetApp HCI Compute Node, NetApp SolidFire & HCI Storage Node, ONTAP 9, and StorageGRID. The vulnerability can lead to data modification or denial of service if exploited, making it essential for organizations to update the affected software.

What should I do if I’m affected?

If you're affected by CVE-2022-25147, follow these steps:

  1. Update APR-util to the latest version.

  2. Monitor the Apache website and CVE record for updates and patches.

  3. For NetApp product users, visit the NetApp Support website for software updates and fixes.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2022-25147 vulnerability is not listed in CISA's Known Exploited Vulnerabilities Catalog. This issue, an Integer Overflow or Wraparound vulnerability in the apr_base64 functions of the Apache Portable Runtime Utility (APR-util), affects version 1.6.1 and earlier.

Weakness Enumeration

This vulnerability is classified as CWE-190, Integer Overflow or Wraparound, in the Apache Portable Runtime Utility.
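The CWE-190 pattern described above, as an added example that is not APR-util source and not part of the original report: a base64 encoded-length calculation done in 32-bit arithmetic wraps for large inputs, so a buffer sized from it is far smaller than the data later written into it. The function names are hypothetical, and `uint32_t` stands in for the narrow integer type so the wraparound is well defined in C.

```c
#include <inttypes.h>
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Unchecked model (hypothetical name): encoded size = 4 * ceil(len / 3) + 1,
 * computed entirely in 32 bits. For large len the multiplication wraps. */
static uint32_t encoded_len_unchecked(uint32_t len)
{
    return ((len + 2u) / 3u) * 4u + 1u;
}

/* Checked variant (hypothetical name): returns 0 and stores the size in *out,
 * or -1 when the encoded size would not fit in an int. */
static int encoded_len_checked(size_t len, int *out)
{
    /* Number of 3-byte input groups, rounded up, without adding to len. */
    size_t groups = len / 3 + (len % 3 != 0);

    /* 4 * groups + 1 <= INT_MAX  <=>  groups <= (INT_MAX - 1) / 4 */
    if (groups > (size_t)(INT_MAX - 1) / 4)
        return -1;

    *out = (int)(groups * 4 + 1);
    return 0;
}

int main(void)
{
    /* Constructed sample lengths: a small one and two near the 32-bit limits. */
    const uint32_t samples[] = { 3u, 0x7FFFFFFFu, 0xC0000000u };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int safe = 0;
        int rc = encoded_len_checked((size_t)samples[i], &safe);

        printf("len=%" PRIu32 " unchecked=%" PRIu32 " checked=%s",
               samples[i], encoded_len_unchecked(samples[i]),
               rc == 0 ? "ok" : "rejected");
        if (rc == 0)
            printf(" (%d bytes)", safe);
        putchar('\n');
    }
    return 0;
}
```

A caller that allocates from the unchecked result and then encodes the full input writes past the end of the allocation; the checked variant makes that caller fail before allocating.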

Learn More

CVE-2022-25147 is a moderate-severity vulnerability affecting the Apache Portable Runtime Utility, with potential consequences including data modification or denial of service. For comprehensive information on this vulnerability, consult the NVD page or the resources listed below.
