Lucene search

K
ubuntucveUbuntu.comUB:CVE-2012-0841
HistoryFeb 22, 2012 - 12:00 a.m.

CVE-2012-0841

2012-02-2200:00:00
ubuntu.com
ubuntu.com
21
libxml2
hash computation
vulnerability
denial of service
xml data

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS

0.009

Percentile

82.9%

libxml2 before 2.8.0 computes hash values without restricting the ability
to trigger hash collisions predictably, which allows context-dependent
attackers to cause a denial of service (CPU consumption) via crafted XML
data.

Bugs

OSVersionArchitecturePackageVersionFilename
ubuntu8.04noarchlibxml2< 2.6.31.dfsg-2ubuntu1.8UNKNOWN
ubuntu10.04noarchlibxml2< 2.7.6.dfsg-1ubuntu1.4UNKNOWN
ubuntu10.10noarchlibxml2< 2.7.7.dfsg-4ubuntu0.4UNKNOWN
ubuntu11.04noarchlibxml2< 2.7.8.dfsg-2ubuntu0.3UNKNOWN
ubuntu11.10noarchlibxml2< 2.7.8.dfsg-4ubuntu0.2UNKNOWN

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS

0.009

Percentile

82.9%