CVE-2012-0876

Severity CVSS v4.0: Pending analysis
Type: CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
Publication date: 03/07/2012
Last modified: 11/04/2025

Description

The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value.

Vulnerable products and versions

| CPE | From | Up to |
| --- | --- | --- |
| cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:* | | 2.1.0 (excluding) |
| cpe:2.3:a:python:python:*:*:*:*:*:*:*:* | 2.6.0 (including) | 2.6.8 (excluding) |
| cpe:2.3:a:python:python:*:*:*:*:*:*:*:* | 2.7.0 (including) | 2.7.3 (excluding) |
| cpe:2.3:a:python:python:*:*:*:*:*:*:*:* | 3.1.0 (including) | 3.1.5 (excluding) |
| cpe:2.3:a:python:python:*:*:*:*:*:*:*:* | 3.2.0 (including) | 3.2.3 (excluding) |
| cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:* | | |
| cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:* | | |
| cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:* | | |
| cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:* | | |
| cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:* | | |
| cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:* | | |
| cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:* | | |
| cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:* | | |
| cpe:2.3:a:redhat:storage:2.0:*:*:*:*:*:*:* | | |
| cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:* | | |


References to Advisories, Solutions, and Tools