cvedb.io
CVE-2021-35940
HIGH · CVSS 7.1
EPSS exploitation probability: 0%
Published 2021-08-23T10:15:07.230 · Last modified 2026-06-17T03:57:58.057

Summary

An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix for this issue was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 regressed compared to 1.6.3 and is vulnerable to the same issue.

Affected products

apache — portable_runtime

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.