[3.4] expat: Multiple issues (CVE-2012-6702, CVE-2016-5300)
ID: oval:org.secpod.oval:def:1800646 | Date: (C)2018-03-28 (M)2024-02-19 |
Class: PATCH | Family: unix |
CVE-2012-6702: Using XML_Parse before rand results in non-random output.
CVE-2016-5300: Little entropy used for hash initialization. The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876.
Platform: |
Alpine Linux 3.4 |