PT-2012-1120 · Expat+4

Vincent Danen · Published 2012-06-13 · Updated 2024-06-15 · CVE-2012-0876

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

expat versions prior to 2.1.0

Description

The issue is related to the XML parser in expat, which computes hash values without restricting the ability to trigger hash collisions predictably. This allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value. The exploitation of this issue can lead to a disruption of protected information and can be performed remotely.

Recommendations

For expat versions prior to 2.1.0, update to version 2.1.0 or later to resolve the issue. As a temporary workaround, consider restricting the processing of XML files with many identifiers with the same value to minimize the risk of exploitation.
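One way to act on the recommendation is to check which expat version a system actually uses. The following is an added example, not part of the original advisory: it compares version strings against the 2.1.0 threshold stated above, for both the expat linked into the running Python interpreter and a constructed inventory. The host names, the inventory format and the function names are assumptions.

```python
import re
from xml.parsers import expat

FIXED = (2, 1, 0)  # first fixed upstream release per the advisory text

def parse_expat_version(text):
    """Turn 'expat_2.0.1', '2.0.1' or '2.1.0-6' into a tuple of three ints."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text or "")
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(part or 0) for part in m.groups())

def is_affected(text):
    """True when the upstream version number is older than 2.1.0."""
    return parse_expat_version(text) < FIXED

def audit(inventory):
    """Sort component names into affected / fixed / unknown buckets."""
    report = {"affected": [], "fixed": [], "unknown": []}
    for name, version in sorted(inventory.items()):
        try:
            bucket = "affected" if is_affected(version) else "fixed"
        except ValueError:
            bucket = "unknown"  # unparseable: needs a manual look
        report[bucket].append(name)
    return report

def runtime_status():
    """Version string of the expat linked into this interpreter, and its verdict."""
    return expat.EXPAT_VERSION, is_affected(expat.EXPAT_VERSION)

# Constructed inventory (hypothetical host names and version strings).
SAMPLE_INVENTORY = {
    "build-01": "expat_2.0.1",
    "web-02": "2.1.0-6",
    "legacy-03": "1.95.8",
    "edge-04": "expat_2.6.2",
    "appliance-05": "unknown",
}

if __name__ == "__main__":
    print("this interpreter:", runtime_status())
    for bucket, names in audit(SAMPLE_INVENTORY).items():
        print(f"{bucket:9}", ", ".join(names) or "-")
```

The comparison uses the upstream version number only. Distribution packages can carry a backported fix under an older version number, so an "affected" result for a distribution build should be confirmed against the vendor advisory listed under Related Identifiers.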

Fix

DoS

Buffer Overflow

Resource Exhaustion

Weakness Enumeration

Related Identifiers

BDU:2015-09649
CESA-2012_0731
CVE-2012-0876
DSA-2525-1
DSA-3597-1
OPENSUSE-SU-2024:10077-1
PSF-2012-4
RHSA-2012:0731
RHSA-2012_0731
SUSE-SU-2012_0772-1
SUSE-SU-2012_0773-1
SUSE-SU-2020:0497-1
USN-1527-1
USN-1527-2
USN-1613-1
USN-1613-2

Affected Products

CentOS
Debian
Red Hat
SUSE
Expat