CVE - CVE-2012-1148

CVE-ID
CVE-2012-1148	Learn more at National Vulnerability Database (NVD) • Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings
Description
Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expanding entities.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
CONFIRM:http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?r1=1.166&r2=1.167 CONFIRM:http://sourceforge.net/projects/expat/files/expat/2.1.0/ CONFIRM:http://sourceforge.net/tracker/?func=detail&atid=110127&aid=2958794&group_id=10127 CONFIRM:https://support.apple.com/HT205637 APPLE:APPLE-SA-2015-12-08-3 URL:http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html DEBIAN:DSA-2525 URL:http://www.debian.org/security/2012/dsa-2525 MANDRIVA:MDVSA-2012:041 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2012:041 REDHAT:RHSA-2012:0731 URL:http://rhn.redhat.com/errata/RHSA-2012-0731.html REDHAT:RHSA-2016:0062 URL:http://rhn.redhat.com/errata/RHSA-2016-0062.html REDHAT:RHSA-2016:2957 URL:http://rhn.redhat.com/errata/RHSA-2016-2957.html UBUNTU:USN-1613-2 URL:http://www.ubuntu.com/usn/USN-1613-2 UBUNTU:USN-1527-1 URL:http://www.ubuntu.com/usn/USN-1527-1 UBUNTU:USN-1613-1 URL:http://www.ubuntu.com/usn/USN-1613-1 BID:52379 URL:http://www.securityfocus.com/bid/52379 SECTRACK:1034344 URL:http://www.securitytracker.com/id/1034344 SECUNIA:49504 URL:http://secunia.com/advisories/49504 SECUNIA:51024 URL:http://secunia.com/advisories/51024 SECUNIA:51040 URL:http://secunia.com/advisories/51040
Assigning CNA
N/A
Date Entry Created
20120214	Disclaimer: The entry creation date may reflect when the CVE-ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20120214)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE list, which standardizes names for security problems.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org