Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.3
CVE Id: CVE-2012-0876
Last Modified: 30 Oct 2013 11:23:23
Published: 03 Jul 2012 03:55:02
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2012-0876

Summary

The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value.

Vulnerable Systems

Application

  • Libexpat Expat 1.95.1

  • Libexpat Expat 1.95.2

  • Libexpat Expat 1.95.4

  • Libexpat Expat 1.95.5

  • Libexpat Expat 1.95.6

  • Libexpat Expat 1.95.7

  • Libexpat Expat 1.95.8

  • Libexpat Expat 2.0.0

  • Libexpat Expat 2.0.1


References

MANDRIVA - MDVSA-2012:041

CONFIRM - http://sourceforge.net/tracker/?func=detail&atid=110127&aid=3496608&group_id=10127

CONFIRM - http://sourceforge.net/projects/expat/files/expat/2.1.0/

SECUNIA - 49504

REDHAT - RHSA-2012:0731

MLIST - [Expat-discuss] 20120304 Announcement: Expat 2.1.0 Beta can be tested

MISC - http://bugs.python.org/issue13703#msg151870

UBUNTU - USN-1613-2

UBUNTU - USN-1527-1

DEBIAN - DSA-2525

UBUNTU - USN-1613-1

SECUNIA - 51040

SECUNIA - 51024

BID - 52379

APPLE - APPLE-SA-2013-10-22-3

Related Patches

SUN143506-06 Solaris 10 SPARC: GNOME 2.6.0: Python patch (Rev 2)

SUN143507-06 Solaris 10 x86: GNOME 2.6.0: Python patch (Rev 2)

Red Hat 2012:0731-01 RHSA Moderate: expat security update for RHEL 5 x86

Red Hat 2012:0731-01 RHSA Moderate: expat security update for RHEL 5 x86_64

Novell SUSE 2012:6200 expat security update for SLE 11 SP1 i586

Novell SUSE 2012:6200 expat security update for SLE 11 SP1 x86_64

Novell SUSE 2012:6200 expat security update for SLES 11 SP2 x86_64 (Rev 2)

Novell SUSE 2012:8015 expat security update for SLE 10 SP4 i586

Novell SUSE 2012:8015 expat security update for SLE 10 SP4 x86_64


Last Updated: 27 May 2016 11:01:18