Improper input validation in Apache Portable_runtime

CVE-2012-0840

tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.402 (97.4th percentile) — read the EPSS interpretation.

Affected products

Apache Portable_runtime — versions 0.9.1, 0.9.2, 0.9.2-dev
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

[apr-commits] 20120115 svn commit: r1231605 - /apr/apr/trunk/tables/apr_hash.c (mailing-list, x_refsource_MLIST)
apacheapr-hash-dos(73096) (vdb-entry, x_refsource_XF)
[oss-security] 20120208 CVE request: apr - Hash DoS vulnerability (mailing-list, x_refsource_MLIST)
MDVSA-2012:019 (vendor-advisory, x_refsource_MANDRIVA)
47862 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
secalert@redhat.com (x_refsource_CONFIRM, Patch)
[dev] 20120105 Hash collision vectors in APR? (mailing-list, x_refsource_MLIST)
[dev] 20120113 Re: Hash collision vectors in APR? (mailing-list, x_refsource_MLIST)
[oss-security] 20120208 Re: CVE request: apr - Hash DoS vulnerability (mailing-list, x_refsource_MLIST)
[dev] 20120114 Re: Hash collision vectors in APR? (mailing-list, x_refsource_MLIST)