Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Information
Published : 2011-05-16 10:55
Updated : 2022-09-19 12:47
NVD link : CVE-2011-0419
Mitre link : CVE-2011-0419
JSON object : View
CWE
CWE-770
Allocation of Resources Without Limits or Throttling
Products Affected
- android
netbsd
- netbsd
apache
- portable_runtime
- http_server
debian
- debian_linux
freebsd
- freebsd
apple
- mac_os_x
suse
- linux_enterprise_server
openbsd
- openbsd
oracle
- solaris