CVE-2011-0419

MEDIUM Year: 2011
CVSS v2 Score
4.3
Medium
Weakness Type
CWE-770
View all →

Vulnerability Description

Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.

Related Vulnerabilities

CVE-2018-20033

CRITICAL
CVSS:9.8(Critical)

A Remote Code Execution vulnerability in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier could allow a remote attacker to corrupt the memory by allocating / deall...

CWE-7702018

CVE-2019-17067

CRITICAL
CVSS:9.8(Critical)

PuTTY before 0.73 on Windows improperly opens port-forwarding listening sockets, which allows attackers to listen on the same port to steal an incoming connection.

CWE-7702019

CVE-2023-25156

CRITICAL
CVSS:9.8(Critical)

Kiwi TCMS, an open source test management system, does not impose rate limits in versions prior to 12.0. This makes it easier to attempt brute-force attacks against the login page. Users should upgrad...

CWE-7702023

CVE-2023-38507

CRITICAL
CVSS:9.8(Critical)

Strapi is the an open-source headless content management system. Prior to version 4.12.1, there is a rate limit on the login function of Strapi's admin screen, but it is possible to circumvent it. The...

CWE-7702023

CVE-2024-44241

CRITICAL
CVSS:9.8(Critical)

The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.1 and iPadOS 18.1. An attacker may be able to cause unexpected system termination or arbitrary code execution in DCP ...

CWE-7702024

CVE-2021-41591

CRITICAL
CVSS:9.4(Critical)

ACINQ Eclair before 0.6.3 allows loss of funds because of dust HTLC exposure.

CWE-7702021