CVE-2012-0840

tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 95%
VendorProductVersion
apacheportable_runtime
𝑥
≤ 1.4.5
apacheportable_runtime
0.9.1
apacheportable_runtime
0.9.2
apacheportable_runtime
0.9.2-dev
apacheportable_runtime
0.9.3
apacheportable_runtime
0.9.3-dev
apacheportable_runtime
0.9.4
apacheportable_runtime
0.9.5
apacheportable_runtime
0.9.6
apacheportable_runtime
0.9.7
apacheportable_runtime
0.9.7-dev
apacheportable_runtime
0.9.8
apacheportable_runtime
0.9.9
apacheportable_runtime
0.9.16-dev
apacheportable_runtime
1.3.0
apacheportable_runtime
1.3.1
apacheportable_runtime
1.3.2
apacheportable_runtime
1.3.3
apacheportable_runtime
1.3.4
apacheportable_runtime
1.3.4-dev
apacheportable_runtime
1.3.5
apacheportable_runtime
1.3.6
apacheportable_runtime
1.3.6-dev
apacheportable_runtime
1.3.7
apacheportable_runtime
1.3.8
apacheportable_runtime
1.3.9
apacheportable_runtime
1.3.10
apacheportable_runtime
1.3.11
apacheportable_runtime
1.3.12
apacheportable_runtime
1.3.13
apacheportable_runtime
1.4.0
apacheportable_runtime
1.4.1
apacheportable_runtime
1.4.2
apacheportable_runtime
1.4.3
apacheportable_runtime
1.4.4
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
apr
bullseye (security)
1.7.0-6+deb11u2
fixed
bullseye
1.7.0-6+deb11u2
fixed
squeeze
no-dsa
bookworm
1.7.2-3
fixed
sid
1.7.5-1
fixed
trixie
1.7.5-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
apr
vivid
not-affected
utopic
not-affected
trusty
not-affected
saucy
not-affected
raring
not-affected
quantal
not-affected
precise
not-affected
oneiric
ignored
natty
ignored
maverick
ignored
lucid
ignored
hardy
ignored
Common Weakness Enumeration
References
http://mail-archives.apache.org/mod_mbox/apr-commits/201201.mbox/%3C20120115003715.071D423888FD%40eris.apache.org%3E
http://openwall.com/lists/oss-security/2012/02/08/3
http://openwall.com/lists/oss-security/2012/02/09/1
http://secunia.com/advisories/47862
http://svn.apache.org/viewvc?rev=1231605&view=rev
http://www.mail-archive.com/dev%40apr.apache.org/msg24439.html
http://www.mail-archive.com/dev%40apr.apache.org/msg24472.html
http://www.mail-archive.com/dev%40apr.apache.org/msg24473.html
http://www.mandriva.com/security/advisories?name=MDVSA-2012:019
https://exchange.xforce.ibmcloud.com/vulnerabilities/73096
http://mail-archives.apache.org/mod_mbox/apr-commits/201201.mbox/%3C20120115003715.071D423888FD%40eris.apache.org%3E
http://openwall.com/lists/oss-security/2012/02/08/3
http://openwall.com/lists/oss-security/2012/02/09/1
http://secunia.com/advisories/47862
http://svn.apache.org/viewvc?rev=1231605&view=rev
http://www.mail-archive.com/dev%40apr.apache.org/msg24439.html
http://www.mail-archive.com/dev%40apr.apache.org/msg24472.html
http://www.mail-archive.com/dev%40apr.apache.org/msg24473.html
http://www.mandriva.com/security/advisories?name=MDVSA-2012:019
https://exchange.xforce.ibmcloud.com/vulnerabilities/73096