Unrated severityNVD Advisory· Published Feb 10, 2012· Updated Apr 29, 2026
CVE-2012-0840
CVE-2012-0840
Description
tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
Affected products
35cpe:2.3:a:apache:portable_runtime:*:*:*:*:*:*:*:*+ 34 more
- cpe:2.3:a:apache:portable_runtime:*:*:*:*:*:*:*:*range: <=1.4.5
- cpe:2.3:a:apache:portable_runtime:0.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:portable_runtime:0.9.16-dev:*:*:*:*:*:*:*
- cpe:2.3:a:apache:portable_runtime:0.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:portable_runtime:0.9.2-dev:*:*:*:*:*:*:*
- cpe:2.3:a:apache:portable_runtime:0.9.3:*:*:*:*:*:*:*
- cpe:2.3:a:apache:portable_runtime:0.9.3-dev:*:*:*:*:*:*:*
- cpe:2.3:a:apache:portable_runtime:0.9.4:*:*:*:*:*:*:*
- cpe:2.3:a:apache:portable_runtime:0.9.5:*:*:*:*:*:*:*
- cpe:2.3:a:apache:portable_runtime:0.9.6:*:*:*:*:*:*:*
- cpe:2.3:a:apache:portable_runtime:0.9.7:*:*:*:*:*:*:*
- cpe:2.3:a:apache:portable_runtime:0.9.7-dev:*:*:*:*:*:*:*
- cpe:2.3:a:apache:portable_runtime:0.9.8:*:*:*:*:*:*:*
- cpe:2.3:a:apache:portable_runtime:0.9.9:*:*:*:*:*:*:*
- cpe:2.3:a:apache:portable_runtime:1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:portable_runtime:1.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:portable_runtime:1.3.10:*:*:*:*:*:*:*
- cpe:2.3:a:apache:portable_runtime:1.3.11:*:*:*:*:*:*:*
- cpe:2.3:a:apache:portable_runtime:1.3.12:*:*:*:*:*:*:*
- cpe:2.3:a:apache:portable_runtime:1.3.13:*:*:*:*:*:*:*
- cpe:2.3:a:apache:portable_runtime:1.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:portable_runtime:1.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:apache:portable_runtime:1.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:apache:portable_runtime:1.3.4-dev:*:*:*:*:*:*:*
- cpe:2.3:a:apache:portable_runtime:1.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:apache:portable_runtime:1.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:apache:portable_runtime:1.3.6-dev:*:*:*:*:*:*:*
- cpe:2.3:a:apache:portable_runtime:1.3.7:*:*:*:*:*:*:*
- cpe:2.3:a:apache:portable_runtime:1.3.8:*:*:*:*:*:*:*
- cpe:2.3:a:apache:portable_runtime:1.3.9:*:*:*:*:*:*:*
- cpe:2.3:a:apache:portable_runtime:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:portable_runtime:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:portable_runtime:1.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:portable_runtime:1.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:apache:portable_runtime:1.4.4:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
10- svn.apache.org/viewvcnvdPatch
- secunia.com/advisories/47862nvdVendor Advisory
- mail-archives.apache.org/mod_mbox/apr-commits/201201.mbox/%3C20120115003715.071D423888FD%40eris.apache.org%3Envd
- openwall.com/lists/oss-security/2012/02/08/3nvd
- openwall.com/lists/oss-security/2012/02/09/1nvd
- www.mail-archive.com/dev%40apr.apache.org/msg24439.htmlnvd
- www.mail-archive.com/dev%40apr.apache.org/msg24472.htmlnvd
- www.mail-archive.com/dev%40apr.apache.org/msg24473.htmlnvd
- www.mandriva.com/security/advisoriesnvd
- exchange.xforce.ibmcloud.com/vulnerabilities/73096nvd
News mentions
0No linked articles in our index yet.