http://lists.mandriva.com/security-announce/2011-05/msg00005.php It was discovered that the apr_fnmatch() function used an unconstrained recursion when processing patterns with the '*' wildcard. An attacker could use this flaw to cause an application using this function, which also accepted untrusted input as a pattern for matching (such as an httpd server using the mod_autoindex module), to exhaust all stack memory or use an excessive amount of CPU time when performing matching (CVE-2011-0419).
Blocks: (none) => 908
Fixed in commit 98877.
Status: NEW => RESOLVEDCC: (none) => dmorganecResolution: (none) => FIXED