Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2012-0840

CWE-20 — Improper Input Validation8 documents8 sources

Severity

5.0MEDIUM

EPSS

37.2%

top 2.83%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Apache Portable Runtime

Timeline

PublishedFeb 10

Latest updateMay 17

Description

tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDapache/portable_runtime1.4.5+34

▶Debianapr< 1.4.6-1+3

Patches

Patch: svn.apache.org ↗Patch: svn.apache.org ↗

🔴Vulnerability Details

GHSA

GHSA-x7rw-r7fp-j64f: tables/apr_hash↗2022-05-17

▶

OSV

CVE-2012-0840: tables/apr_hash↗2012-02-10

▶

CVEList

CVE-2012-0840: tables/apr_hash↗2012-02-10

▶

💥Exploits & PoCs

Exploit-DB

Apache APR - Hash Collision Denial of Service↗2012-01-05

▶

📋Vendor Advisories

Red Hat

apr: hash table collisions CPU usage DoS↗2012-01-05

▶

Debian

CVE-2012-0840: apr - tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 com...↗2012

▶

💬Community

Bugzilla

CVE-2012-0840 apr: hash table collisions CPU usage DoS↗2012-01-13

▶