CVE-2012-0840 in Portable Runtime
Summary
by MITRE
tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
Analysis
by VulDB Data Team • 09/12/2024
The Apache Portable Runtime library version 1.4.5 contains a significant vulnerability in its hash table implementation that affects numerous applications relying on this foundational component. This weakness resides in the tables/apr_hash.c file where the hash function does not adequately restrict the conditions under which hash collisions can be deliberately triggered. The vulnerability creates a predictable path for attackers to manipulate input data in such a way that multiple hash values collide, forcing the hash table implementation to degrade from optimal O(1) performance to O(n) behavior where each lookup becomes a linear search through the collision chain.
The technical flaw stems from insufficient hash value computation that fails to incorporate proper randomization or salt mechanisms to prevent attackers from crafting specific input sequences that will consistently map to the same hash bucket. This predictable collision behavior represents a classic application-level denial of service vulnerability where the attacker can consume excessive CPU resources by forcing hash table operations to perform at their worst-case complexity. The vulnerability is context-dependent because it requires an application that maintains hash tables and processes user-supplied input through the affected APR library functions.
When exploited, this vulnerability enables attackers to cause substantial CPU consumption as the hash table operations degrade from logarithmic to linear performance characteristics. The impact extends beyond simple resource exhaustion since many applications that utilize APR for configuration management, request processing, or data indexing can be affected. The denial of service occurs because hash table lookups, insertions, and deletions become increasingly expensive as collisions increase, potentially leading to application unresponsiveness or complete service interruption. The vulnerability affects not just Apache httpd but any software that depends on APR for its hash table functionality, creating a wide attack surface.
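To make the degradation described above concrete, here is an added example (not code from APR or from this page) that measures the longest bucket chain in a toy chained table. The unseeded multiply-by-33 hash is a simplified stand-in for a deterministic hash function, and the key lists, table sizes and `chain_alarm` limit are constructed assumptions.

```c
#include <stdio.h>
#define MAX_BUCKETS 1024

/* Unseeded multiply-by-33 string hash: a simplified stand-in for a
 * deterministic hash function (assumption, not APR's code). */
static unsigned int toy_hash(const char *key)
{
    unsigned int h = 0;
    for (; *key; key++)
        h = h * 33 + (unsigned char)*key;
    return h;
}

/* Longest bucket chain after inserting n keys into nbuckets buckets, i.e.
 * the number of key comparisons a worst-case lookup makes. -1 on bad size. */
static int longest_chain(const char *const keys[], int n, unsigned int nbuckets)
{
    int count[MAX_BUCKETS] = {0}, worst = 0;
    if (nbuckets == 0 || nbuckets > MAX_BUCKETS)
        return -1;
    for (int i = 0; i < n; i++) {
        int c = ++count[toy_hash(keys[i]) % nbuckets];
        if (c > worst)
            worst = c;
    }
    return worst;
}

/* Defender-side check: report a table whose longest chain exceeds limit. */
static int chain_alarm(const char *const keys[], int n, unsigned int nbuckets, int limit)
{
    return longest_chain(keys, n, nbuckets) > limit;
}

/* Constructed sample input: ordinary header names, and eight keys whose
 * full 32-bit toy_hash values are identical. */
static const char *const benign[8] = { "host", "accept", "cookie", "referer",
                                       "user-agent", "range", "pragma", "via" };
static const char *const colliding[8] = { "EzEzEz", "EzEzFY", "EzFYEz", "EzFYFY",
                                          "FYEzEz", "FYEzFY", "FYFYEz", "FYFYFY" };

int main(void)
{
    printf("benign,    16 buckets:   %d\n", longest_chain(benign, 8, 16));
    printf("colliding, 16 buckets:   %d\n", longest_chain(colliding, 8, 16));
    printf("colliding, 1024 buckets: %d\n", longest_chain(colliding, 8, 1024));
    printf("alarm (limit 4):         %d\n", chain_alarm(colliding, 8, 16, 4));
    return 0;
}
```

The colliding set stays in a single chain at 1024 buckets because the full hash values are equal, so growing the table does not shorten it; a chain-length check like `chain_alarm` is one way to surface that state in monitoring.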
This weakness aligns with CWE-327, which addresses the use of weak cryptographic hash functions, and relates to ATT&CK technique T1499.004 for network denial of service. The vulnerability demonstrates how fundamental library components can create systemic security risks when proper input validation and hash function design principles are not applied. Organizations should immediately update their APR installations to versions 1.4.6 or later where this vulnerability has been addressed through improved hash value computation that prevents predictable collision attacks. Additionally, implementing input sanitization and rate limiting mechanisms at application boundaries can provide additional defense in depth. The fix typically involves incorporating better hash mixing functions and ensuring that hash values are computed using algorithms that resist preimage and collision attacks, thereby protecting against both accidental and intentional collision exploitation.