APR "apr_fnmatch()" Denial of Service Vulnerability
Bug #871673 reported by
Gabrieli Gianpietro
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
apache2 (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
apr (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
The vulnerability is caused by an infinite recursion error within the "apr_fnmatch()" function when processing certain patterns. This can be exploited to cause a stack overflow via a specially crafted request containing wildcard characters (e.g. "*").
CVE References
To post a comment you must log in.
Thanks for reporting this issue, which is CVE-2011-0419. It's a vulnerability in apache's apr library, which in Ubuntu is shipped in the separate 'apr' source package, and the apache packages links against it. It was addressed in USN-1134-1 <http:// www.ubuntu. com/usn/ usn-1134- 1>.