CVE - CVE-2012-0876

CVE-ID
CVE-2012-0876	Learn more at National Vulnerability Database (NVD) • Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings
Description
The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MLIST:[Expat-discuss] 20120304 Announcement: Expat 2.1.0 Beta can be tested URL:http://mail.libexpat.org/pipermail/expat-discuss/2012-March/002768.html MISC:http://bugs.python.org/issue13703#msg151870 CONFIRM:http://sourceforge.net/projects/expat/files/expat/2.1.0/ CONFIRM:http://sourceforge.net/tracker/?func=detail&atid=110127&aid=3496608&group_id=10127 CONFIRM:https://support.apple.com/HT205637 CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html CONFIRM:https://www.tenable.com/security/tns-2016-20 APPLE:APPLE-SA-2013-10-22-3 URL:http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html APPLE:APPLE-SA-2015-12-08-3 URL:http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html DEBIAN:DSA-2525 URL:http://www.debian.org/security/2012/dsa-2525 MANDRIVA:MDVSA-2012:041 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2012:041 REDHAT:RHSA-2012:0731 URL:http://rhn.redhat.com/errata/RHSA-2012-0731.html REDHAT:RHSA-2016:0062 URL:http://rhn.redhat.com/errata/RHSA-2016-0062.html REDHAT:RHSA-2016:2957 URL:http://rhn.redhat.com/errata/RHSA-2016-2957.html UBUNTU:USN-1613-2 URL:http://www.ubuntu.com/usn/USN-1613-2 UBUNTU:USN-1527-1 URL:http://www.ubuntu.com/usn/USN-1527-1 UBUNTU:USN-1613-1 URL:http://www.ubuntu.com/usn/USN-1613-1 BID:52379 URL:http://www.securityfocus.com/bid/52379 SECUNIA:49504 URL:http://secunia.com/advisories/49504 SECUNIA:51024 URL:http://secunia.com/advisories/51024 SECUNIA:51040 URL:http://secunia.com/advisories/51040
Assigning CNA
N/A
Date Entry Created
20120119	Disclaimer: The entry creation date may reflect when the CVE-ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20120119)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE list, which standardizes names for security problems.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org