Lucene search

K
cveRedhatCVE-2012-0876
HistoryJul 03, 2012 - 7:55 p.m.

CVE-2012-0876

2012-07-0319:55:02
CWE-400
redhat
web.nvd.nist.gov
201
2
xml parser
expat
hash collisions
denial of service
cve-2012-0876
nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

AI Score

7.4

Confidence

High

EPSS

0.004

Percentile

74.2%

The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value.

Affected configurations

Nvd
Node
libexpat_projectlibexpatRange<2.1.0
Node
pythonpythonRange2.6.02.6.8
OR
pythonpythonRange2.7.02.7.3
OR
pythonpythonRange3.1.03.1.5
OR
pythonpythonRange3.2.03.2.3
Node
debiandebian_linuxMatch6.0
OR
debiandebian_linuxMatch7.0
Node
canonicalubuntu_linuxMatch8.04-
OR
canonicalubuntu_linuxMatch10.04-
OR
canonicalubuntu_linuxMatch11.04
OR
canonicalubuntu_linuxMatch11.10
OR
canonicalubuntu_linuxMatch12.04-
Node
oraclesolarisMatch11.3
Node
redhatstorageMatch2.0
OR
redhatenterprise_linux_desktopMatch5.0
OR
redhatenterprise_linux_desktopMatch6.0
OR
redhatenterprise_linux_eusMatch6.2
OR
redhatenterprise_linux_serverMatch5.0
OR
redhatenterprise_linux_serverMatch6.0
OR
redhatenterprise_linux_server_ausMatch6.2
OR
redhatenterprise_linux_workstationMatch5.0
OR
redhatenterprise_linux_workstationMatch6.0
VendorProductVersionCPE
libexpat_projectlibexpat*cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*
pythonpython*cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
debiandebian_linux6.0cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
debiandebian_linux7.0cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
canonicalubuntu_linux8.04cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
canonicalubuntu_linux10.04cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
canonicalubuntu_linux11.04cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*
canonicalubuntu_linux11.10cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
canonicalubuntu_linux12.04cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
oraclesolaris11.3cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
Rows per page:
1-10 of 191

References

Social References

More

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

AI Score

7.4

Confidence

High

EPSS

0.004

Percentile

74.2%