CVE - CVE-2012-0876

CVE-ID
CVE-2012-0876	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
APPLE:APPLE-SA-2013-10-22-3 URL:http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html APPLE:APPLE-SA-2015-12-08-3 URL:http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html BID:52379 URL:http://www.securityfocus.com/bid/52379 CONFIRM:http://sourceforge.net/projects/expat/files/expat/2.1.0/ CONFIRM:http://sourceforge.net/tracker/?func=detail&atid=110127&aid=3496608&group_id=10127 CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html CONFIRM:https://kc.mcafee.com/corporate/index?page=content&id=SB10365 CONFIRM:https://support.apple.com/HT205637 CONFIRM:https://www.tenable.com/security/tns-2016-20 DEBIAN:DSA-2525 URL:http://www.debian.org/security/2012/dsa-2525 MANDRIVA:MDVSA-2012:041 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2012:041~~ (Obsolete source) MISC:http://bugs.python.org/issue13703#msg151870 MLIST:[Expat-discuss] 20120304 Announcement: Expat 2.1.0 Beta can be tested URL:http://mail.libexpat.org/pipermail/expat-discuss/2012-March/002768.html REDHAT:RHSA-2012:0731 URL:http://rhn.redhat.com/errata/RHSA-2012-0731.html REDHAT:RHSA-2016:0062 URL:http://rhn.redhat.com/errata/RHSA-2016-0062.html REDHAT:RHSA-2016:2957 URL:http://rhn.redhat.com/errata/RHSA-2016-2957.html SECUNIA:49504 URL:http://secunia.com/advisories/49504 SECUNIA:51024 URL:http://secunia.com/advisories/51024 SECUNIA:51040 URL:http://secunia.com/advisories/51040 UBUNTU:USN-1527-1 URL:http://www.ubuntu.com/usn/USN-1527-1 UBUNTU:USN-1613-1 URL:http://www.ubuntu.com/usn/USN-1613-1 UBUNTU:USN-1613-2 URL:http://www.ubuntu.com/usn/USN-1613-2
Assigning CNA
Red Hat, Inc.
Date Record Created
20120119	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20120119)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)