CVE-2012-0840

Currently unrated

Key Information:

Vendor: Apache
Status: Portable Runtime
Vendor: CVE Published:; 10 February 2012

Summary

tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.

References

http://mail-archives.apache.org/mod_mbox/apr-commits/2012...

mailing-listx_refsource_MLIST

https://exchange.xforce.ibmcloud.com/vulnerabilities/73096

vdb-entryx_refsource_XF

http://openwall.com/lists/oss-security/2012/02/08/3

mailing-listx_refsource_MLIST

Timeline

Vulnerability published
Feb 10, 2012
Vulnerability Reserved
Jan 19, 2012