VYPR
Unrated severityNVD Advisory· Published May 16, 2011· Updated Jun 16, 2026

CVE-2011-0419

CVE-2011-0419

Description

Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

18
  • cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*range: >=2.0.0,<=2.0.65
    • (no CPE)range: <2.2.18
  • cpe:2.3:a:apache:portable_runtime:*:*:*:*:*:*:*:*
    Range: <1.4.3
  • cpe:2.3:o:apple:mac_os_x:10.6.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:apple:mac_os_x:10.6.0:*:*:*:*:*:*:*
    • (no CPE)range: =10.6
  • Debian/linux3 versions
    cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
    • cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
    • cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*
  • cpe:2.3:o:google:android:*:*:*:*:*:*:*:*
  • NetBSD/NetBSD2 versions
    cpe:2.3:o:netbsd:netbsd:5.1:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:netbsd:netbsd:5.1:*:*:*:*:*:*:*
    • (no CPE)range: =5.1
  • OpenBSD/OpenBSD2 versions
    cpe:2.3:o:openbsd:openbsd:4.8:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:openbsd:openbsd:4.8:*:*:*:*:*:*:*
    • (no CPE)range: =4.8
  • cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:-:*:*:*
  • Range: <1.4.3

Patches

Vulnerability mechanics

References

58

News mentions

0

No linked articles in our index yet.