Resource exhaustion in Libexpat_project Libexpat

CVE-2012-0876

The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an X…

Vulnerability class: DoS (Denial of Service)

EPSS: 0.002 (37.5th percentile) — read the EPSS interpretation.

Affected products

Libexpat_project Libexpat
Oracle Solaris — versions 11.3
Python
Canonical Ubuntu_linux — versions 8.04, 10.04, 11.04
Debian Debian_linux — versions 6.0, 7.0
Redhat Enterprise_linux_desktop — versions 5.0, 6.0
Redhat Enterprise_linux_eus — versions 6.2
Redhat Enterprise_linux_server — versions 5.0, 6.0
Redhat Enterprise_linux_server_aus — versions 6.2
Redhat Enterprise_linux_workstation — versions 5.0, 6.0

Weakness classification (CWE)

CWE-400 — Uncontrolled Resource Consumption

References

49504 (x_refsource_SECUNIA, Not Applicable, third-party-advisory)
secalert@redhat.com (x_refsource_CONFIRM, Third Party Advisory)
secalert@redhat.com (x_refsource_CONFIRM, Third Party Advisory)
USN-1527-1 (x_refsource_UBUNTU, vendor-advisory, Third Party Advisory)
secalert@redhat.com (Third Party Advisory, x_refsource_MISC, Issue Tracking)
secalert@redhat.com (x_refsource_CONFIRM, Third Party Advisory)
51040 (x_refsource_SECUNIA, Not Applicable, third-party-advisory)
RHSA-2012:0731 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
52379 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
secalert@redhat.com (x_refsource_CONFIRM, Third Party Advisory, Release Notes)