
CVE-2012-0876
Date: (C)2012-07-03   (M)2024-04-19


The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
  
Reference:
SECUNIA-49504
SECUNIA-51024
SECUNIA-51040
BID-52379
APPLE-SA-2013-10-22-3
APPLE-SA-2015-12-08-3
DSA-2525
MDVSA-2012:041
RHSA-2012:0731
RHSA-2016:0062
RHSA-2016:2957
USN-1527-1
USN-1613-1
USN-1613-2
http://mail.libexpat.org/pipermail/expat-discuss/2012-March/002768.html
http://bugs.python.org/issue13703#msg151870
http://sourceforge.net/projects/expat/files/expat/2.1.0/
http://sourceforge.net/tracker/?func=detail&atid=110127&aid=3496608&group_id=10127
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
https://kc.mcafee.com/corporate/index?page=content&id=SB10365
https://support.apple.com/HT205637
https://www.tenable.com/security/tns-2016-20

CPE    9
cpe:/o:canonical:ubuntu_linux:11.04
cpe:/o:debian:debian_linux:6.0
cpe:/o:debian:debian_linux:7.0
cpe:/o:redhat:enterprise_linux_server:6.0
...
CWE    1
CWE-400
OVAL    23
oval:org.secpod.oval:def:103775
oval:org.secpod.oval:def:103728
oval:org.secpod.oval:def:103646
oval:org.secpod.oval:def:32294
...

© SecPod Technologies