Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2011-0419
Severity
4.3MEDIUM
EPSS
48.8%
top 2.24%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
PublishedMay 16
Latest updateMay 13
Description
Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
CVSS vector
AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9
Affected Packages7 packages
Also affects: Netbsd 5.1, Debian Linux 5.0, 6.0, 7.0
Patches
🔴Vulnerability Details
3GHSA▶
GHSA-hx32-x2cq-h45v: Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch↗2022-05-13
CVEList▶
CVE-2011-0419: Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch↗2011-05-16
OSV▶
CVE-2011-0419: Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch↗2011-05-16
💥Exploits & PoCs
1🔍Detection Rules
1📋Vendor Advisories
5Debian▶
CVE-2011-0419: apr - Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c i...↗2011