APR "apr_fnmatch()" Denial of Service Vulnerability

Bug #871673 reported by Gabrieli Gianpietro on 2011-10-10
258
This bug affects 1 person
Affects Status Importance Assigned to Milestone
apache2 (Ubuntu)
Undecided
Unassigned
apr (Ubuntu)
Undecided
Unassigned

Bug Description

The vulnerability is caused by an infinite recursion error within the "apr_fnmatch()" function when processing certain patterns. This can be exploited to cause a stack overflow via a specially crafted request containing wildcard characters (e.g. "*").

CVE References

Steve Beattie (sbeattie) wrote :

Thanks for reporting this issue, which is CVE-2011-0419. It's a vulnerability in apache's apr library, which in Ubuntu is shipped in the separate 'apr' source package, and the apache packages links against it. It was addressed in USN-1134-1 <http://www.ubuntu.com/usn/usn-1134-1>.

Changed in apache2 (Ubuntu):
status: New → Invalid
Changed in apr (Ubuntu):
status: New → Fix Released
visibility: private → public
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers