tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 01:35
Type | Values Removed | Values Added |
---|---|---|
References | () http://mail-archives.apache.org/mod_mbox/apr-commits/201201.mbox/%3C20120115003715.071D423888FD%40eris.apache.org%3E - | |
References | () http://openwall.com/lists/oss-security/2012/02/08/3 - | |
References | () http://openwall.com/lists/oss-security/2012/02/09/1 - | |
References | () http://secunia.com/advisories/47862 - Vendor Advisory | |
References | () http://svn.apache.org/viewvc?rev=1231605&view=rev - Patch | |
References | () http://www.mail-archive.com/dev%40apr.apache.org/msg24439.html - | |
References | () http://www.mail-archive.com/dev%40apr.apache.org/msg24472.html - | |
References | () http://www.mail-archive.com/dev%40apr.apache.org/msg24473.html - | |
References | () http://www.mandriva.com/security/advisories?name=MDVSA-2012:019 - | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/73096 - |
07 Nov 2023, 02:10
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2012-02-10 19:55
Updated : 2024-11-21 01:35
NVD link : CVE-2012-0840
Mitre link : CVE-2012-0840
CVE.ORG link : CVE-2012-0840
JSON object : View
Products Affected
apache
- portable_runtime
CWE
CWE-20
Improper Input Validation