The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value.
History
05 Aug 2022, 14:52
Type | Values Removed | Values Added |
---|---|---|
References | (REDHAT) http://rhn.redhat.com/errata/RHSA-2016-0062.html - Third Party Advisory | |
References | (CONFIRM) https://www.tenable.com/security/tns-2016-20 - Third Party Advisory | |
References | (MLIST) http://mail.libexpat.org/pipermail/expat-discuss/2012-March/002768.html - Broken Link | |
References | (SECUNIA) http://secunia.com/advisories/51024 - Not Applicable | |
References | (BID) http://www.securityfocus.com/bid/52379 - Third Party Advisory, VDB Entry | |
References | (CONFIRM) https://support.apple.com/HT205637 - Third Party Advisory | |
References | (CONFIRM) http://sourceforge.net/tracker/?func=detail&atid=110127&aid=3496608&group_id=10127 - Third Party Advisory | |
References | (DEBIAN) http://www.debian.org/security/2012/dsa-2525 - Third Party Advisory | |
References | (UBUNTU) http://www.ubuntu.com/usn/USN-1613-2 - Third Party Advisory | |
References | (UBUNTU) http://www.ubuntu.com/usn/USN-1527-1 - Third Party Advisory | |
References | (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2012:041 - Broken Link | |
References | (CONFIRM) http://sourceforge.net/projects/expat/files/expat/2.1.0/ - Release Notes, Third Party Advisory | |
References | (MISC) http://bugs.python.org/issue13703#msg151870 - Issue Tracking, Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/49504 - Not Applicable | |
References | (REDHAT) http://rhn.redhat.com/errata/RHSA-2016-2957.html - Third Party Advisory | |
References | (REDHAT) http://rhn.redhat.com/errata/RHSA-2012-0731.html - Third Party Advisory | |
References | (CONFIRM) http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html - Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/51040 - Not Applicable | |
References | (UBUNTU) http://www.ubuntu.com/usn/USN-1613-1 - Third Party Advisory | |
References | (APPLE) http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html - Broken Link, Mailing List | |
References | (APPLE) http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html - Broken Link, Mailing List | |
CPE | cpe:2.3:a:libexpat_project:libexpat:1.95.4:*:*:*:*:*:*:* cpe:2.3:a:libexpat_project:libexpat:1.95.5:*:*:*:*:*:*:* cpe:2.3:a:libexpat_project:libexpat:2.0.0:*:*:*:*:*:*:* cpe:2.3:a:libexpat_project:libexpat:1.95.7:*:*:*:*:*:*:* cpe:2.3:a:libexpat_project:libexpat:1.95.1:*:*:*:*:*:*:* cpe:2.3:a:libexpat_project:libexpat:1.95.6:*:*:*:*:*:*:* cpe:2.3:a:libexpat_project:libexpat:1.95.8:*:*:*:*:*:*:* |
cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:* cpe:2.3:a:python:python:*:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:6.2:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:* cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:storage:2.0:*:*:*:*:*:*:* cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:6.2:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:* |
First Time |
Redhat enterprise Linux Workstation
Redhat storage Redhat enterprise Linux Server Python python Canonical Debian debian Linux Redhat enterprise Linux Server Aus Redhat enterprise Linux Desktop Redhat enterprise Linux Eus Oracle solaris Redhat Debian Canonical ubuntu Linux Python Oracle |
|
CWE | CWE-400 |
25 Jan 2021, 15:44
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:libexpat:expat:2.0.0:*:*:*:*:*:*:* cpe:2.3:a:libexpat:expat:1.95.4:*:*:*:*:*:*:* cpe:2.3:a:libexpat:expat:1.95.6:*:*:*:*:*:*:* cpe:2.3:a:libexpat:expat:*:*:*:*:*:*:*:* cpe:2.3:a:libexpat:expat:1.95.8:*:*:*:*:*:*:* cpe:2.3:a:libexpat:expat:1.95.1:*:*:*:*:*:*:* cpe:2.3:a:libexpat:expat:1.95.5:*:*:*:*:*:*:* cpe:2.3:a:libexpat:expat:1.95.7:*:*:*:*:*:*:* |
cpe:2.3:a:libexpat_project:libexpat:1.95.6:*:*:*:*:*:*:* cpe:2.3:a:libexpat_project:libexpat:1.95.7:*:*:*:*:*:*:* cpe:2.3:a:libexpat_project:libexpat:1.95.8:*:*:*:*:*:*:* cpe:2.3:a:libexpat_project:libexpat:2.0.0:*:*:*:*:*:*:* cpe:2.3:a:libexpat_project:libexpat:1.95.2:*:*:*:*:*:*:* cpe:2.3:a:libexpat_project:libexpat:1.95.5:*:*:*:*:*:*:* cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:* cpe:2.3:a:libexpat_project:libexpat:1.95.4:*:*:*:*:*:*:* cpe:2.3:a:libexpat_project:libexpat:1.95.1:*:*:*:*:*:*:* |
Information
Published : 2012-07-03 19:55
Updated : 2023-12-10 11:16
NVD link : CVE-2012-0876
Mitre link : CVE-2012-0876
CVE.ORG link : CVE-2012-0876
Products Affected
redhat
- enterprise_linux_desktop
- enterprise_linux_server_aus
- enterprise_linux_server
- enterprise_linux_workstation
- enterprise_linux_eus
- storage
python
- python
debian
- debian_linux
oracle
- solaris
canonical
- ubuntu_linux
libexpat_project
- libexpat
CWE
CWE-400
Uncontrolled Resource Consumption