ID CVE-2012-0876
Summary The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value.
References
Vulnerable Configurations
  • cpe:2.3:a:libexpat:expat:1.95.1:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat:expat:1.95.2:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat:expat:1.95.4:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat:expat:1.95.5:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat:expat:1.95.6:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat:expat:1.95.7:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat:expat:1.95.8:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat:expat:2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat:expat:-:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat:expat:1.95.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat:expat:1.95.3:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat:expat:2.0.1:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 05-01-2018 - 02:29)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
  • Vector: NETWORK
  • Complexity: MEDIUM
  • Authentication: NONE
Impact
  • Confidentiality: NONE
  • Integrity: NONE
  • Availability: PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
redhat via4
advisories
  • rhsa
    id RHSA-2012:0731
  • rhsa
    id RHSA-2016:0062
  • rhsa
    id RHSA-2016:2957
rpms
  • expat-0:1.95.8-11.el5_8
  • expat-0:2.0.1-11.el6_2
  • expat-debuginfo-0:1.95.8-11.el5_8
  • expat-debuginfo-0:2.0.1-11.el6_2
  • expat-devel-0:1.95.8-11.el5_8
  • expat-devel-0:2.0.1-11.el6_2
refmap via4
apple
  • APPLE-SA-2013-10-22-3
  • APPLE-SA-2015-12-08-3
bid 52379
confirm
debian DSA-2525
mandriva MDVSA-2012:041
misc http://bugs.python.org/issue13703#msg151870
mlist [Expat-discuss] 20120304 Announcement: Expat 2.1.0 Beta can be tested
secunia
  • 49504
  • 51024
  • 51040
ubuntu
  • USN-1527-1
  • USN-1613-1
  • USN-1613-2
Last major update 05-01-2018 - 02:29
Published 03-07-2012 - 19:55
Last modified 05-01-2018 - 02:29