CVE-2012-0840

Description

tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.

Affected products

• apache / portable_runtime1.4.5
• apache / portable_runtime0.9.1 – 0.9.1
• apache / portable_runtime0.9.2 – 0.9.2
• apache / portable_runtime0.9.2-dev – 0.9.2-dev
• apache / portable_runtime0.9.3 – 0.9.3
• apache / portable_runtime0.9.3-dev – 0.9.3-dev
• apache / portable_runtime0.9.4 – 0.9.4
• apache / portable_runtime0.9.5 – 0.9.5
• apache / portable_runtime0.9.6 – 0.9.6
• apache / portable_runtime0.9.7 – 0.9.7
• apache / portable_runtime0.9.7-dev – 0.9.7-dev
• apache / portable_runtime0.9.8 – 0.9.8
• apache / portable_runtime0.9.9 – 0.9.9
• apache / portable_runtime0.9.16-dev – 0.9.16-dev
• apache / portable_runtime1.3.0 – 1.3.0
• apache / portable_runtime1.3.1 – 1.3.1
• apache / portable_runtime1.3.2 – 1.3.2
• apache / portable_runtime1.3.3 – 1.3.3
• apache / portable_runtime1.3.4 – 1.3.4
• apache / portable_runtime1.3.4-dev – 1.3.4-dev
• apache / portable_runtime1.3.5 – 1.3.5
• apache / portable_runtime1.3.6 – 1.3.6
• apache / portable_runtime1.3.6-dev – 1.3.6-dev
• apache / portable_runtime1.3.7 – 1.3.7
• apache / portable_runtime1.3.8 – 1.3.8
• apache / portable_runtime1.3.9 – 1.3.9
• apache / portable_runtime1.3.10 – 1.3.10
• apache / portable_runtime1.3.11 – 1.3.11
• apache / portable_runtime1.3.12 – 1.3.12
• apache / portable_runtime1.3.13 – 1.3.13
• apache / portable_runtime1.4.0 – 1.4.0
• apache / portable_runtime1.4.1 – 1.4.1
• apache / portable_runtime1.4.2 – 1.4.2
• apache / portable_runtime1.4.3 – 1.4.3
• apache / portable_runtime1.4.4 – 1.4.4

References

• MISChttp://mail-archives.apache.org/mod_mbox/apr-commits/201201.mbox/%3C20120115003715.071D423888FD%40eris.apache.org%3E
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/73096
• MAILING_LISThttp://openwall.com/lists/oss-security/2012/02/08/3
• VENDOR_ADVISORYhttp://www.mandriva.com/security/advisories?name=MDVSA-2012:019
• VENDOR_ADVISORYhttp://secunia.com/advisories/47862
• MISChttp://svn.apache.org/viewvc?rev=1231605&view=rev
• MISChttp://www.mail-archive.com/dev%40apr.apache.org/msg24439.html
• MISChttp://www.mail-archive.com/dev%40apr.apache.org/msg24472.html
• MAILING_LISThttp://openwall.com/lists/oss-security/2012/02/09/1
• MISChttp://www.mail-archive.com/dev%40apr.apache.org/msg24473.html