Denial of Service Vulnerability in Apache Portable Runtime Library
CVE-2012-0840

Currently unrated

Key Information:

Vendor: Apache
Status: Portable Runtime
Vendor: CVE Published:; 10 February 2012

Summary

The vulnerability exists in the tables/apr_hash.c component of the Apache Portable Runtime (APR) library up to version 1.4.5. It allows attackers to exploit predictable hash collision vulnerabilities, which can lead to excessive CPU consumption during hash table maintenance. By sending specially crafted input, an attacker can cause applications that rely on APR to become unresponsive, resulting in a denial of service. This poses a significant threat to system availability and can impact any application using APR, making it essential for administrators to apply necessary updates or patches to mitigate this risk.

References

http://mail-archives.apache.org/mod_mbox/apr-commits/2012...

mailing-listx_refsource_MLIST

https://exchange.xforce.ibmcloud.com/vulnerabilities/73096

vdb-entryx_refsource_XF

http://openwall.com/lists/oss-security/2012/02/08/3

mailing-listx_refsource_MLIST

EPSS Score

20% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Feb 10, 2012
Vulnerability Reserved
Jan 19, 2012