FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Apache APR -- DoS vulnerabilities

Affected packages
apr1 < 1.4.4.1.3.11

Details

VuXML ID 00b296b6-7db1-11e0-96b7-00300582f9fc
Discovery 2011-05-10
Entry 2011-05-12

The Apache Portable Runtime Project reports:

Note especially a security fix to APR 1.4.4: excessive CPU consumption was possible due to an unconstrained, recursive invocation of apr_fnmatch, as apr_fnmatch processed '*' wildcards. Reimplemented apr_fnmatch() from scratch using a non-recursive algorithm; it now has improved compliance with the fnmatch() spec. (William Rowe)
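
The difference between recursive and non-recursive '*' handling described in the report can be seen in the following added example, which is not APR's code and not part of the advisory. It contrasts a naive recursive matcher with an iterative one and counts the work each does. The function names, counters and sample input are constructed for illustration, and only '*' and literal characters are handled.

```c
#include <stdio.h>

/* Step counters so the two strategies can be compared on the same input. */
static unsigned long rec_calls, iter_steps;

/* Naive recursive matcher ('*' and literals only): every '*' tries each
 * possible split point with a fresh recursive call, so the work multiplies
 * with each additional '*' in the pattern. */
static int match_recursive(const char *p, const char *s)
{
    rec_calls++;
    if (*p == '\0')
        return *s == '\0';
    if (*p == '*') {
        for (;; s++) {
            if (match_recursive(p + 1, s))
                return 1;
            if (*s == '\0')
                return 0;
        }
    }
    return *p == *s && match_recursive(p + 1, s + 1);
}

/* Iterative matcher: remembers only the most recent '*' and where to resume
 * in the string, so work is bounded by strlen(p) * strlen(s), no recursion. */
static int match_iterative(const char *p, const char *s)
{
    const char *star = NULL, *resume = NULL;
    while (*s) {
        iter_steps++;
        if (*p == '*') { star = p++; resume = s; }
        else if (*p == *s) { p++; s++; }
        else if (star) { p = star + 1; s = ++resume; }
        else return 0;
    }
    while (*p == '*')
        p++;
    return *p == '\0';
}

int main(void)
{
    /* Constructed regression input: six '*' and a string that cannot match. */
    const char *pat = "*a*a*a*a*a*b", *str = "aaaaaaaaaaaaaaaaaaaaaaaa";
    int r = match_recursive(pat, str), i = match_iterative(pat, str);
    printf("recursive=%d calls=%lu iterative=%d steps=%lu\n",
           r, rec_calls, i, iter_steps);
    return 0;
}
```

Both matchers return the same result on this input; only the amount of work differs, which is why a per-call step or time budget is a useful regression check for any wildcard matcher exposed to untrusted patterns.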

References

CVE Name CVE-2011-0419
URL http://www.apache.org/dist/apr/Announcement1.x.html